Whitehall looks to encryption

Capacity must be boosted in the wake of ban on removal of laptops holding accessible data

MoD data loss has led to Whitehall laptop ban

Urgent moves to boost the capacity of Whitehall departments to encrypt data are underway following a ban on removing laptops containing unencrypted personal data from government offices.

Orders were issued by cabinet secretary Sir Gus O'Donnell as MPs grilled defence secretary Des Browne on the loss of two further Ministry of Defence (MoD) laptops prior to the one containing data on 600,000 recruits nearly two weeks ago.

Browne announced that, in addition to the Whitehall-wide review, he has commissioned an investigation into weaknesses in MoD information security by Information Advisory Council chairman Sir Edmund Burton.

The latest loss involved a laptop left in a recruitment officer's car overnight in Edgbaston on January 9. The system contained passport, National Insurance and driver's licence numbers, as well as family details and NHS numbers for 153,000 people, and banking details of around 3,700 who actually applied to join up.

Browne told MPs that once relevant information had been passed on to recruits' units he could not understand why it was being retained.

The two earlier laptop losses that have now come to light involved a Royal Navy system stolen in October 2006 and one stolen from an Army recruiting office in Edinburgh in 2005.

Sir Gus announced a civil service-wide ban on removing unencrypted data in an email to permanent secretaries in charge of all government departments. It follows HM Revenue and Customs' loss of discs containing details of 25 million child benefit claimants and a spate of other embarrassing breaches of government data security.

"From now on, no unencrypted laptops or drives containing personal data should be taken outside secured office premises," says the email.

"Please ensure that this is communicated throughout your organisation and delivery bodies and implemented immediately, and that steps are taken to monitor compliance."

Encryption will be required so staff can continue to do their jobs while upholding the ban.