(Dieser Artikel ist auch in deutscher Sprache verfügbar)
Many documents with confidential data including benefit claims, passport photocopies and mortgage payments were found on 17 January 2008 lost on a roundabout near Exeter Airport in Devon, UK.
Mr Karl-Heinz Korzenietz, the finder of the documents, told BBC News: "I thought first of all it was rubbish. But when I looked at the papers I discovered they were highly sensitive. I was shocked and surprised that sensitive papers like this would just be lost like that." Mr Korzenietz has also said that this was the second time he found such kind of documents. On 6 November he found another set of similar documents that he handed over to the Royal Mail depot in Exeter which returned the documents to TNT carrier. However, TNT said they were unaware of any missing data and stated they were not the only company providing services to the government.
The Ministry of Defence (MoD) has also disclosed the theft on 9 January 2008, from a Royal Navy officer, of a laptop containing details on more than 600 000 people including Royal Navy, Royal Marine and RAF recruits, as well as other people wanting to join the services. The MoD has approached the security and intelligence agencies and, although the Joint Terrorism Analysis Centre, considered the threat as low, the ministry approached the banks and individuals whose data were in the missing database. The respective data included passport information, family details, national insurance numbers, driving licence details and even medical information.
According to Conservatives and Liberal Democrats the theft raises further concerns related to the government's plans for identity cards considering that the government would have to convince the public that it could safely manage the identity card system.
These two incidents continue the series of personal data losses that have lately occurred in UK. In October 2007, two discs containing an unencrypted copy of the entire child benefit database were lost in transit between HM Revenue and Customs and the National Audit Office. In December 2007, a hard drive with a driving theory test database containing details on 3 million candidates was lost in the US and at the beginning of 2008 personal details of hospital patients were lost by the NHS.
Conservative MP Chris Grayling said: "You would have thought after the child benefits fiasco every department would have doubled and trebled their efforts. The fact that this hasn't happened is incompetence of the highest degree."
On 10 August 2007, the House of Lords Committee on Science and Technology published a report on "Personal Internet Security" recommending a Security Breach Notification law that would require companies that leaked personal data to notify this event to the people concerned. Unfortunately, in October 2007, the Government turned down the Committee's recommendation.
Richard Clayton, specialist adviser for the Committee and an EDRi-member of the Foundation for Information Policy Research, commented: "What's needed of course is a security breach notification law, so that everyone (not just Government departments as here) is forced to notify people when they lose personal data AND forced to notify a central clearing house, so that researchers can start to build up patterns and observe commonalities, so as to better advise the holders of personal data what they -- as a group -- are doing wrong."
The Defence Secretary, Des Browne, gave a statement to the House of Commons on 21 January 2008 saying that in fact three laptops had been stolen over the previous two years. The head of the Civil Service has now issued instructions that laptops holding sensitive personal data must not be removed from offices.
Personal data found on roundabout (18.01.2008)
http://news.bbc.co.uk/1/hi/england/devon/7197048.stm
Recruits' banks alerted after theft of laptop (21.01.2008)
http://www.guardian.co.uk/idcards/story/0,,2244251,00.html
EDRi-gram: UK government loses personal data on 25 million citizens
(21.11.2007)
http://www.edri.org/edrigram/number5.22/personal-data-lost-uk
Personal Internet Security - House of Lords Science and Technology Committee
5th Report of Session 2006-7 (10.08.2007)
http://www.publications.parliament.uk/pa/ld200607/ldselect/ldsctech/16...
House of Lords Inquiry: Personal Internet Security (10.08.2007)
http://www.lightbluetouchpaper.org/2007/08/10/house-of-lords-inquiry-p...
Government ignores Personal Internet Security (29.10.2007)
http://www.lightbluetouchpaper.org/2007/10/29/government-ignores-perso...