It's easy to not pay attention to the loss of data by government and industry simply because it happens so often. However, occasionally the losses are so dramatic, as in the Veterans Administration case a year and a half ago, that folks sit up and take notice. Such is the case with this week's news that details on 25 million folks in the UK have been lost.
The loss was from HM Revenue & Customs, which oversees child benefit claims. Names, addresses, birth dates, national insurance and bank account details were lost when two computer disks disappeared after being sent through internal physical mail. The Times story, which led its global and UK Web site on November 21, details the reaction to the loss, which wasn't the first by HMRC.
The Prime Minister invoked the circular argument that there is nothing wrong with the system in place and that the problem was that proper procedures were not followed. The illogic of that reasoning is that there is something inherently wrong with the procedures if they are so dependent on employees that not following them leads to massive loss. For instance, policies that mandate automatic encryption of certain classes of data -- and the enforcement of those policies by the purchase and installation of the appropriate hardware and software -- will alleviate concerns over loss of the disks or portable devices. Rules that rely on an intern or low-level employee taking proscribed steps cannot be justified.
Identity theft is a continuing and growing concern and is covered comprehensively. This piece offers something pretty rare: new information and insight. The report, by The Identity Theft Resource Center, doesn't specifically discuss cyber crimes. It does, however, provide important data for companies charged with protecting the information of customers, partners and employees.
The study offers details on the sources of stolen identities; the relationship between imposters and victims; ways in which the information is used; cost to business; cost to victims; time spent repairing damage; incidence of victims not being able to clear their records; time period between the theft and its discovery; time it takes to expunge bogus information from the victims' records; security effects of theft; theft of children's identity; and the emotional impact of theft. A link to the full report is provided.
Ironically, the huge loss of personal data by the British government occurred as CA released results of a study performed on its behalf by YouGov on changes in online behavior due to concerns about security. Seventy percent of British citizens queried said identity theft is affecting their online behavior, 64 percent believe companies they deal with should take more responsibility for data protection and 84 percent said trust level is a factor in choosing companies with which to do business. The survey said only 25 percent trust the government (a figure that is sure to have dropped due to the headlines this week), 19 percent trust retailers and 8 percent trust Internet service providers. The percentages were 23 percent, 21 percent and 11 percent, respectively, in the same study conducted last year.
Those criticizing the UK government should also be cognizant that private citizens and industry aren't particularly careful, either. For instance, SafeNet reports that about 8,500 mobile devices disappear annually at airports across the nation. A study recently performed by ICM says up to 25 percent of users of social networking sites such as MySpace and Facebook are posting sensitive information, according to Monsters and Critics. About 10.8 million people are making themselves vulnerable in this way. The poll covered 2,000 adults. The most careless population was found to be 18-to-24-year olds. Thirteen percent of all respondents -- 27 percent in that age group -- post sensitive information about other people without their consent.