The Ministry of Defence (MoD) has detailed how it intends to implement a number of recommendations made by the Information Assurance Advisory Council regarding its data security.
The 51 recommendations were made in a report by Sir Edmund Burton, chair of the Information Assurance Advisory Council. The report was commissioned following the loss of laptops belonging to a Royal Navy recruiter, which contained personal details of individuals interested in joining the armed services.
To ensure the MoD fulfills all of the recommendations, the changes to be implemented include new system security procedures followed through by audits, allowing only qualified users to handle authorized data, retaining only the minimum amount of information necessary, and a data-retention policy that complies strictly with the Data Protection Act.
Bill Jeffrey, permanent undersecretary at the ministry, said: “We deeply regret the losses of personal data. We have identified weaknesses within parts of the MoD that led to this situation and I am confident that we are taking the necessary steps to address them.”
Burton’s report also highlighted that four MoD laptops have been stolen since 2004, all of them taken from parked cars even though security instructions insist they should not be left in unattended vehicles. However, the security instructions don’t specify that data should be encrypted.
“The effective management of information risks must engage every user — military and civilian — across the department, and within our community of commercial suppliers,” says the report.