25 million – not the best day at work

Unless you have been living in a cave or enjoying a nice remote location (lucky you) then the events in the UK over the last 48 hours will not be new to you. 

It would appear from initial reports that 25,000,000 records containing sensitive data were removed from a ‘secure’ database and written to two CDs.  These CDs were then placed into the postal system for unsecured delivery to another organisation.  The location of these discs is still unknown.

  • Maybe there were no policies or procedures in place?  This is the public sector; they make a living from the creation of rules that govern our everyday lives.  Policies and procedures were in place, then.
  • Maybe the information did not have any classification?  Well, this is not the case either, as more rules and manuals exist to explain to those employed how to handle information.
  • Was it physically impossible to separate the data and only send what was required?  No, the decision to send it all was based on cost, as it was deemed too expensive to undertake the separation work.  I am sure many people would like to see that risk assessment and the methodology behind it.

This is not the first instance where Information Assurance has been compromised and unfortunately it will not be the last.  The public and the private sector have had and will continue to have IA incidents.  This is more noticeable due to the scale and the impact.

I routinely have to start from the beginning when explaining the rationale behind decisions relating to information security and assurance.  Many organisations assume that IA accreditation and the measures that are associated with this are barriers to business or services delivery.  Good governance is often seen as slowing the capacity of an organisation to react, which could lead to loss of business.  The reality is so different.


The number of activities that we all participate in based on confidence is enormous.  Often these are quite ordinary.  Travelling to work by train, driving in the rain, going to bed while any electrical appliance is still connected in your house.  These are achieved as a result of a degree of confidence; without this we would not proceed.

It is the confidence that customers, partners or citizens have in the organisation's ability to protect the items that they have entrusted to them which enables that organisation to function and grow.  IA Governance and Accreditation can help this by explaining to all those involved with an organisation how important it is and what the organisation will be doing to ensure that they meet their standards.

~ by Simon Hancock on November 22, 2007.

One Response to “25 million – not the best day at work”

  1. Welcome Si, great to see you have started up – have a look here for the Blogging tool we discussed: http://www.wbloggar.com/


