According to a investigation carried out for the Ministry of Defence by Sir Edmund Burton, new recruits to the armed forces belonging to the so-termed “Facebook generation” failed to take adequate data security measures.
MoD Laptop Thefts
Sir Edmund, Information Advisory Council Chairman, was asked to look into the issue of security following the theft of a number of MoD laptops, of which one occurred at the beginning of 2008.
In a stark report, Burton asserted that the MoD’s Cold War data security ethics had disappeared, with “little awareness” of the importance of security within its employees.
Consequently, a significant event involving security had, he said, been “inevitable.”
The 2008 laptop theft occurred from a vehicle parked in Edgbaston, Birmingham, UK. On it were records relating to 600,000 service personnel and armed forces applicants.
It was subsequently discovered that, between 2004 and 2008, a total of four laptops had been stolen in similar circumstances.
MoD Data Protection Act Obligations
Combined, said Sir Edmund, the losses pointed to a “failure of supervision”, with a “very limited understanding“ of the ministry’s obligations in connection with the Data Protection Act.
"During the Cold War, awareness of real security was ingrained in individuals and organisations", the report stated. "Audit, inspection and compliance regimes were rigorously underpinned by codes of discipline.
"These well-developed processes and procedures have not been translated, effectively, into the information age.
"Generally, there is little awareness of the current, real, threat to information, and hence to the department's ability to deliver and support operational capability.
"Consequently, there can be little assurance that information is being effectively protected."
New Military Recruits
Sir Edmund highlighted the “Facebook generation” that new recruits belonged to.
Young British military personnel, he said, were accustomed to the “rapid and often uninhibited exchange of information."
“At work, this behaviour must be tempered by common sense and sound judgment, informed by data protection practice, and the particular concerns of MoD work.
"However, returning to the strict information control of the type applied to paper documentation of 15 or more years ago is not considered practical in the modern working and cultural environment."
Personal Record Access
The MoD, said Burton, had sought to implement up-to-date working methods, especially within Personnel, with better access to personal records.
However, "one consequence of embracing this new data sharing culture has been a decline in overall departmental security practice.”
Senior officials, Sir Edmund wrote, "shared a concern that the younger generation of MoD staff are not inculcated with the same culture of protecting information as their counterparts from previous generations."
In all, 51 suggestions for improvement were listed, among them, the setting-up of a “coherent system of censure and punishment" for those responsible for losing or compromising the security of personal information – a system flexible enough to apply to different severities of loss.
Source – Armed Forces International’s Political Correspondent
No comments:
Post a Comment