BBC NEWS | UK | Questions asked after data loss
Roland Perry
ukcrypto at chiark.greenend.org.uk
Mon, 25 Aug 2008 11:50:01 +0100
In article <eXaNsDBlQ8rIFwAZ@tigers.demon.co.uk>, Mary Hawking
<maryhawking@tigers.demon.co.uk> writes
>
>I'm sorry, I still don't understand the situation fully.
>
>>Ian Batten wrote:
>>> http://news.bbc.co.uk/1/hi/uk/7575989.stm
>
>In the BBC report, it says that the data was given to PA Consulting as
>part of a research project on tracing prisoners through the system.
>If that is the case, as with the NAO and HMRC child benefit discs,
>isn't the live data excessive in the first place - and dangerously at
>risk just by viewing in situ?
>Each prisoner might need an identifier, a year of birth, a release
>date, a high level post code etc. - depends on what was included in the
>tracing project - but not, surely, full information?
>So why was the full data set released to PA in the first place?

If the data was held centrally (on a secure Home Office network), then
to release a "not full" data set would require either some kind of
filter - so that certain parts of the record such as the prisoner's
identity were invisible - or replacing the 'existing' identifier with a
'new' identifier purely for PA's use. I'm not sure that doing the latter
would deflect much criticism in the event of data loss, even if it would
make the data less useful.
Even if the replacement identifier was something like "No1 in PA's
study; No2 in PA's study" etc.

>I still don't understand why anyone - including the individual involved
>- needed to download the data onto a memory stick

They weren't supposed to, but the obvious scenario is so that the data
could be examined or processed on a machine other than the one with a
secure gateway to the Home Office's central database.

>(surely PA has a secure LAN in its offices?)

It's some time since I've done much "security" planning, but I dimly
recall that one of the main ways to prevent data leakage is precisely
*not* to allow data to 'flow' from one secure network to another (via a
gateway). If you need a second set of access, then set up a second
machine on the first secure network (the one to the Home Office).
And therein may lie the problem. The pain of doing that might tempt
individuals into making shortcuts.
--
Roland Perry
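
An added illustration, not part of the original message: a sketch of the "filter" plus "replacement identifier" release discussed above, keeping only the fields Mary Hawking lists and numbering subjects "No1", "No2" as in the reply. All field names and sample records are constructed assumptions; the mapping back to the real identifier stays with the data owner, and the last function shows that the reduced fields can still single someone out.

```python
import random
from collections import Counter
from datetime import date

# Constructed sample records; all field names are assumptions.
RECORDS = [
    {"prison_number": "A1234BC", "name": "Person One", "postcode": "SW1A 2AA",
     "date_of_birth": date(1975, 3, 2), "release_date": date(2009, 1, 15)},
    {"prison_number": "B5678DE", "name": "Person Two", "postcode": "SW1A 1AA",
     "date_of_birth": date(1975, 11, 20), "release_date": date(2009, 4, 1)},
    {"prison_number": "C9012FG", "name": "Person Three", "postcode": "M1 1AA",
     "date_of_birth": date(1982, 6, 30), "release_date": date(2010, 2, 9)},
]
ALLOWED = ("study_id", "birth_year", "release_date", "postcode_area")

def outward_code(postcode):
    """Keep only the high-level (outward) part of a UK postcode."""
    compact = "".join(postcode.upper().split())
    return compact[:-3] if len(compact) >= 5 else compact

def minimise(records):
    """Return (release_set, key_map); key_map is never sent to the contractor."""
    shuffled = list(records)
    random.SystemRandom().shuffle(shuffled)  # study numbers must not follow source order
    release, key_map = [], {}
    for n, rec in enumerate(shuffled, 1):
        study_id = f"No{n}"
        key_map[study_id] = rec["prison_number"]
        release.append({
            "study_id": study_id,
            "birth_year": rec["date_of_birth"].year,   # year only, not full DOB
            "release_date": rec["release_date"],
            "postcode_area": outward_code(rec["postcode"]),
        })
    return release, key_map

def smallest_group(release):
    """Size of the smallest set of rows sharing birth year and postcode area."""
    groups = Counter((r["birth_year"], r["postcode_area"]) for r in release)
    return min(groups.values())

if __name__ == "__main__":
    release, key_map = minimise(RECORDS)
    for row in release:
        print(row)
    print("smallest group:", smallest_group(release))
```

A smallest group of 1 means at least one subject is unique on the released fields alone, so the released set still needs protecting even without names or the original identifier.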