The UK government has revealed that a US-based IT contractor has "lost" the records of three million British learner drivers in the latest missing data scandal to hit Whitehall.
Transport secretary Ruth Kelly was forced to confess to the second major security breach involving personal records from a government department in statement to MPs.
She said Pearson Driving Assessments, a private contractor to the Driving Standards Agency had informed the agency that a hard disk drive had gone missing from its secure facility in Iowa City, Iowa.
And she revealed that the company had not even initially called in local police to investigate the breach.
Kelly admitted that her department has kept the loss of the records secret since May. The data includes the driver's name, postal address, phone number, the test fee paid, their test centre, a code indicating how the test was paid for and an email address,.
She said the hard disk did not contain details of any individual's bank account or credit card, driving licence number, National Insurance number, date of birth, a copy of their signature or even the result of their test, and was " formatted specifically to fit Pearson configuration", so could not easily be read by third parties. Therefore the agency would not be informing the learner drivers concerned.
Kelly said her department is now taking steps to use more electronic transfer of data to guard against future risks.
Only minutes before Kelly’s statement, chancellor Alistair Darling disclosed that the interim report from Kieran Poynter, chairman and senior partner of PricewaterhouseCoopers, on the loss of child benefit records at Her Majesty's Revenue and Customs (HMRC) contained no new disclosures.
Darling said nothing had been found of the missing taxpayer records despite a £20,000 reward and an ongoing police inquiry.
He said Poynter had not revealed precisely who was responsible for the loss pending further inquiries, and said emails indicating a senor civil servant knew what was going on were not conclusive.
A series of measures recommended by Poynter are already being implemented by HMRC including the imposition of a complete ban on the transfer of bulk data without adequate security protection, such as encryption, as well as measures to prevent the downloading of data without adequate security safeguards.
In addition, all personal and laptop computers had been reconfigured to prevent the downloading of data on to removable media and the feature would be reactivated only with the approval of a senior manager, and for a specific business-critical purpose.
"If data and valuable information is consistently lost or stolen or abused the public completely lose confidence in government in general at all levels,” said Liberal Democrat shadow chancellor Vincent Cable.
"It is very difficult to see how we can be confident of the government proceeding with much more ambitious initiatives, not just the compulsory ID cards scheme, but the DNA database and the NHS spine."
Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes
Focus on cost efficiency, simplicity, performance, scalability and future-readiness when architecting your data protection strategy