- No one should be able to download large portions of the data without special procedures for data security being enforced (say more than 1,000 records)
- Any data that is transfered should be encrypted with strong cryptography. The key(s) to this encryption should be sent separately to the data and only after the data is acknowledged to arrived safely.
- All data of this type should be sent by a secure transportation company such as Securicor.
- If at all possible the data should never leave the secure site where it is normally resident
- If anyone requests data the bare minimum that they require should be provided with no extra fields.
- Anyone who goes anywhere near this kind of data should be given comprehensive security training.
I couldn't quite believe it when I heard that HM Revenue and Customs have 'lost' 25 million child benefit records. It does seem that the data was password protected, but that presumably means something like a zip file or MS Excel password, then this is akin to losing a suit case with millions of pounds in it and then mentioning it had one of those tiny suit case padlocks on it.It should be clear to any organization, that handles this kind of data, especially in this volume, that security is of paramount importance. Here some the security measures I think should have been in place and would have prevented this from happening: