Civil servants banned from taking laptops home

 

Gallery

By Barry Collins

Posted on 22 Jan 2008 at 08:47

Government departments have been instructed not to take laptops containing unencrypted personal data out of the office, following a series of highly embarrassing security breaches.

The move comes after the Ministry of Defence revealed that the personal details of 600,000 military applicants had been lost on a single stolen laptop.

Defence secretary, Des Kelly, has subsequently admitted that two similar thefts have occurred since 2005.

However, the Tories claim the theft figures are far higher. Sixty eight MoD laptops were stolen in 2007, 66 in 2006, 40 in 2005 and 173 in 2004, according to shadow defence secretary, Dr Liam Fox. "What on earth is going on? How much information on our service personnel is floating around out there? Most importantly, why has nothing been done about it?" Fox tells the BBC.

The thefts, which follow the loss of 25m personal records on CDs by Customs and Revenue, have finally led the government to issue new security guidelines.

"From now on, no unencrypted laptops or drives containing personal data should be taken outside secured office premises," writes cabinet secretary, Sir Gus O'Donnell, in an email to all government departments.

"Please ensure that this is communicated throughout your organisation and delivery bodies and implemented immediately, and that steps are taken to monitor compliance."

However, O'Donnell's guidance doesn't insist that laptops (or for that matter, desktops) are encrypted as a matter of course, which still leaves them vulnerable to theft from office premises.

Security experts say the government is playing fast and loose with data security. "We shouldn't be forced to accept that our files have fallen into the wrong hands, when policies and precautions should be, but aren't, in place to protect us," says Gary Clark, vice president of security firm, SafeNet.