Published on 17/12/2007 by Jonathan Newell, Editor
The UK Government issues another apology over lost data as DVLA admits driving test applicants data went missing in Iowa.
With ministerial pressure coming to bear on civil servants of all departments to increase security for public data, it was announced that the personal details of 3 million driving test applicants have gone missing but in this case, the data was less useful for identity thieves and, more importantly, there was some level of encryption used.
Although its unclear exactly what level of encryption was used on this data, the fact that it was not simply raw data or password protected provides some confidence that Government department data protection isn’t a complete shambles.
This, after all, is what everyone is demanding. Encryption scrambles the data so that it can only be read by those who hold the encryption key and offers a much more secure level of protection than passwords. Password protection sits as a layer on top of the data and once this is broken through, the data is available to anyone. Encryption operates within the data layer and is a coding system that has to be broken rather than a string of 6-8 characters. Having this level of protection offers incomparably higher levels of security and is more likely to deter potential thieves from trying to obtain access. Very often, and in the case of the DVLA data certainly, the effort required to access the data far outweighs the benefits that can be obtained by gaining access.
With this in mind, there is no comparison between the HMRC and the DVLA data losses in terms of severity but it has nonetheless served to increase the pressure on the Government to increase data security and plug the holes through which sensitive data is leaking. The Chancellor has recommended making improvements in data security and it will soon become apparent if these recommendations are implemented in a consistent manner with a systematic approach that takes out the human factor which is by far the biggest detractor to achieving good data integrity.
