For Finextra's free daily newsletter, breaking news and flashes and weekly job board.
The Daily Star reports that Manchester Police lost an Unencrypted & not Password-protected USB memory stick containing top secret anti-terror documents in the street outside their own Police Station.
The memory stick contained a "Manual on Guidance of Keeping the Peace", more than 2,000 pages of highly-sensitive and confidential information, with sections on countering the threat of terrorism including strategies for acid and petrol bomb attacks, blast
control training, the use of batons and shields, the use and understanding of firearms as well as water cannons and CS gas.
The memory stick was clearly emblazoned with the Greater Manchester Police badge and the initials GMP POTU, standing for Greater Manchester Police Public Order Training Unit.
Since there was also personal data on the drive about individual Police Officers, I hope the Information Commissioner make it his business to remonstrate with them.
When I last wore uniform (a couple of decades ago now) there were very strict procedures for the control of classified documents and publications. They were signed in and signed out in a controlled register, amendments/additions etc were recorded by signature,
and at the end of their life they were shredded and destroyed by fire, with two people present and accountable. I am not aware how these rules and procedures have been amended to cover digital data, but my feeling is that they will have been watered down.
It must be a nightmare to effectively control sensitive and secret information these days!
I find it astounding that memory sticks with such data on them (particularly ones with logos on them) are not encrypted. Okay so this one was lost, but one also wonders what controls there are in place to stop someone taking the stick home and downloading
the data.............that way there would be not even be knowledge of a security breach.
With regard to data privacy concerns, I also touched on these in my recent blog on
biometrics at ATMs. When government departments carelessly lose private data, even if the Information Commissioner does decide to remonstrate, I wonder what punitive or corrective action he is actually able to take to address such breaches and to make
the public Bodies concerned tighten up their controls?
available for hire
17 Aug 2007
This post is from a series of posts in the group:
A place to share stuff that isn't at all fintec related but is amusing, absurd or scary.