Security breach of the week...big one this time in the UK...one question, why do folks continue to put information UNENCRYPTED on CDs? The information should in my opinion be retained on a secured server...with today's network connections, etc. there is really almost no reason to be transporting such crucial and personal data on CDs...bandwidth issues maybe? Last week there was an article about physicians in the UK not trusting the records system...BD
The Times has been told that at least ten discs holding personal information about millions of people — not two discs as originally suggested — have yet to be accounted for after they had been sent from Revenue and Customs’ offices. Recorded on the files were the addresses, phone numbers, e-mail details and bank information of people such as Lord Falconer of Thoroton, the recently retired Lord Chancellor, and Lord Woolf, the former Lord Chief Justice. Mr Milford, 46, said that even after his work finished in July he was never asked to return the discs.
The Government was forced to begin a separate investigation last night after a businessman claimed that he was posted two discs containing highly sensitive information about judges, barristers and solicitors.
The discs were not registered properly or encrypted, leaving them open to fraudsters. The Department of Health says that there are no plans to export the processing of patient files, but a leaked internal NHS document, seen by the IT magazine Computer Weekly, reveals that the review is being held.British organisations which send personal data abroad for processing remain legally responsible under the UK Data Protection Act for ensuring it is secure.
Related story: http://www.guardian.co.uk/uklatest/story/0,,-7102999,00.html