impressive health dataloss
John Wilson
tugwilson at gmail.com
Wed Jun 15 12:14:30 BST 2011
On 15 June 2011 10:49, Michael Simpson <mikie.simpson at gmail.com> wrote:
> http://www.theregister.co.uk/2011/06/15/eight_million_health_records/
>
> Even in these post-sony days 8+million health records ("anonymised"
> but still containing age and postcode) going missing is quite
> staggering.
> Someone needs to tell DoH that simple putting a password on a laptop
> without whole disk encryption is not a barrier to using rainbow tables
> to ascertain said password yet it is still trooped out as the first
> line of the "it will be ok" statement from the guilty.
Indeed, or just take the disk out of the laptop and read it on another machine.
Many worrying aspects to this. They say they "manually delete" data
after use I'll put money on that being a non secure delete process.
They waited 3 weeks before notifying the police (that's really fishy
especially as they say they have recovered some of the laptops, I
wonder how?)
It was in a store room which implies that it wasn't actually being
used so why is there still data on it?
Are they required to write to all those whose data they have lost? If
so they'll be buying a hell of a lot of stamps.
Anybody up for an FoI request for their data/computer security policy
and procedures?
John Wilson
More information about the ukcrypto
mailing list