Tuesday 2 September 2008

Another day, another data loss

This time, it’s Charnwood Borough Council in the spotlight with the news that one of their hard drives, containing taxpayers’ personal details, has turned up on eBay.
I’ll admit that news of yet another disastrous data loss by government is less than surprising. What is interesting is a piece in The Register which shows that these recent data losses are the result of the government’s failure to set and publicise standards for wiping data. This, El Reg claims, makes future and more serious incidents much more likely.
Now, as Gary Glitter and the staff of PC World Bristol can attest, when you “delete” a file on your computer it ain’t necessarily gone for good. To ensure that any sensitive or incriminating data is irrevocably removed from a device, be it a politician’s palmtop or a pop star’s laptop, it needs to be “wiped”.
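As an added illustration of the difference between deleting and wiping (example code, not from the original post or from any council or DoD document), here is a file-level overwrite-and-verify routine in Python. The three-pass pattern (fixed byte, its complement, random data) is the one popularly attributed to DoD 5220.22-M and is assumed here, since the post notes that the edition in question specified no method; the "taxpayer record" is constructed sample data.

```python
import os
import secrets
import tempfile

# Overwrite passes in the order popularly attributed to DoD 5220.22-M.
# Assumption: this is the commonly cited three-pass description, not a quotation
# from any edition of the manual. None means "fresh random bytes".
PASSES = (b"\x00", b"\xff", None)


def _overwrite(path, pattern, size, chunk=65536):
    """Overwrite the whole file in place with one pattern and force it to disk."""
    with open(path, "r+b") as f:
        remaining = size
        while remaining > 0:
            n = min(chunk, remaining)
            f.write(secrets.token_bytes(n) if pattern is None else pattern * n)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())


def _verify(path, pattern, size, chunk=65536):
    """Read the file back and confirm every byte now equals the fixed pattern."""
    with open(path, "rb") as f:
        remaining = size
        while remaining > 0:
            data = f.read(min(chunk, remaining))
            if not data or data != pattern * len(data):
                return False
            remaining -= len(data)
    return True


def wipe_file(path):
    """Overwrite, verify each fixed pass, then unlink. Returns True on success.

    Caveat: in-place overwriting only defeats undelete on media that rewrite the
    same physical blocks. SSD wear-levelling, copy-on-write and journaling file
    systems can retain old copies, so whole-device or crypto-erase is needed there.
    """
    size = os.path.getsize(path)
    for pattern in PASSES:
        _overwrite(path, pattern, size)
        if pattern is not None and not _verify(path, pattern, size):
            return False
    os.remove(path)
    return not os.path.exists(path)


def make_sample():
    """Write a constructed 'taxpayer record' to a temp file and return its path."""
    fd, path = tempfile.mkstemp(prefix="wipe-demo-")
    with os.fdopen(fd, "wb") as f:
        f.write(b"NI number: QQ123456C, council tax band D\n" * 1000)  # constructed
    return path


def demo():
    """Create the sample, wipe it, and report whether the wipe fully succeeded."""
    return wipe_file(make_sample())


if __name__ == "__main__":
    print("wiped and unlinked:", demo())
```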
The trouble is, the government doesn’t have any guidelines for the wiping of data.
Let me repeat that: the government doesn’t have any guidelines for the wiping of data.
So, government bodies, agencies, departments and so on are setting their own standards for preventing unauthorised disclosure of data. And bless them, I bet they try their best, but they’re getting sod all help from central government.
Instead, they’re bizarrely borrowing bits from US government guidelines. That’s what happened in Charnwood Council’s case. Lacking a UK standard for data wiping, it seems that the Council instead required third parties to apply (deep breath) DoD Standard 5220.22M (exhale) to all data erasures.
To cut a long and tedious story short (and to save you from a plethora of Yankee acronyms and initialisms), this standard is from a manual published by the US Department of Defense which addresses the issue of preventing unauthorised disclosure of classified information.
On the surface, this looks like quite a smart move by Charnwood Council: after all, they were modelling their data security standards on one of the most successfully secretive organisations on the planet.
Unfortunately, when Charnwood Council set its criteria for supplier selection, the edition of this manual didn’t specify any particular method for securely wiping data.
You’ve got to give a sleepy, bucolic council like Charnwood full marks for effort in cribbing guidance off the US Department of Defense – it’s just a shame the bits they borrowed didn’t tell them how to go about wiping data.
The guidelines for data wiping were finally published in this year’s manual, along with an enhanced “Clearing and Sanitization Matrix”, which sounds like a rather sinister euphemism for the Department of Defense’s day-to-day work.
Until the UK Government pulls its finger out and issues clear and comprehensive methods for wiping information, we can expect more, much more, of the same…