Urgent training needed after serious Government data breach

13 Aug 2008

The loss of a laptop containing 380,000 records of social welfare and pension recipients is a wake-up call for the Government and public and private sector bodies to ensure all staff are trained properly in data protection and use of encryption.

A leading data specialist has reminded executives in public and private bodies that access and management of citizen data is a responsibility, not a privilege.

Last week Ireland was rocked by the news that a laptop containing details on 380,000 pension and welfare recipients which was being used by the Comptroller and Auditor General’s office during an audit of the Department of Social and Family Affairs was stolen, leading to fears of fraud and identity theft.

This was the latest in a sorry saga that saw the theft earlier this year in New York of a laptop belonging to the Irish Blood Transfusion Service, which contained some 175,000 donor records. In recent months, Bank of Ireland Life admitted a number of laptops containing details of 31,000 life assurance customers were stolen in the past year.

“Human error continues to compound the Government’s data loss issues,” said Ciaran Farrell, business development manager of data quality experts, Kroll Ontrack.

“It is clear that data protection technology is moving faster than human procedure. For years, data protection has been about more than simply safeguarding valuable information from competitors. The rise of terrorism and identity theft has rendered it a matter of national security.”

As a result, Farrell said, employees must be trained to view methods like encryption as standard business processes, not practices reserved for special occasions. Other avenues for data storage, like virtualisation, will continue to grow and so will the complexity of the threats designed to breach security measures.

“Businesses, and public sector bodies alike, must start viewing on-going staff training in data protection as essential to the wider business continuity strategy.

“A proactive and considered approach to data management will help to prevent data loss, the cost of which is measured not only financially, but also in terms of the damage that can be caused to an organisation’s reputation.

“Unless the importance of data backup and protection is successfully communicated to the entire workforce, the threat of data breach issues will continue to lurk at the door,” Farrell warned.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years