There are numerous reports of “data loss” by the government, almost one every month, whether its the NHS, the MoD, or the Home Office, no government department is free from these failures.
But this is known losses, but how much is stolen without the governments knowledge?
The key thing to remember about data is that if you “steal it” nothing is missing, its not like taking jewels. So unless there are technical solutions in place to monitor and/or stop this, there is no way of knowing if data has been stolen or not. We know that the UK Government do not have these systems in place, therefore data theft almost certainly must occur.
So how much is stolen? Well the government would like us to believe the data is highly protected and only accessed by highly competent people, but we know that the “Data Guardians” are anything but that.
While we can not say how much data is stolen, we can use some very relevant statistics to try and predict this.
The Identity Theft Centre reported in their 2007/2008 report that loss/thefts have the following break down:
- 12.9% hacking
- 15.6% theft by company employees
- 21% lost laptops and other digital media
- 14%, accident publishing
- 11% due to subcontractors
I.e the amount of theft by employees is about 70% the size of the data loss. Therefore for every 10 records lost by government failings 7 will be stolen (mainly due to unprotected systems).
To put this in perspective 37 million records were reported lost in the UK in 2007, therefore we would estimate that round 25 million records to have been stolen.
This means that 25 million records could have been deliberately stolen, mainly from the government, for the purposes of crime.
While this figure is high its not unreasonable.
91% of senior technical staff (CTO’s) believe that cyber crime is a major problem for their company, and the government has invented new powers and laws to try and crack down on the trade in data.
We know it occurs in theory and in practice, and market and government agree. So what are the government doing to stop this?
Nothing.