Ruth Kelly's statement to the House of Commons about the loss of a hard disk by an Iowa-based contractor to the Department for Transport reveals unacceptable security practices, says The Royal Academy of Engineering.

According to the Secretary of State, the personal details of 3 million people were held on a hard disk which went missing from a shelf at the contractor's premises last May. The Secretary of State was notified only in late November.

Dr Martyn Thomas, a Fellow of the Academy, says: “Databases that contain the personal details of a large number of people should be regarded as secret and handled appropriately, as a matter of basic security engineering. A recent report from The Royal Academy of Engineering [Dilemmas of Privacy and Surveillance] recommends that such data should be encrypted as soon as it is collected and only decrypted at the point where it is to be processed. It is not acceptable that such data should be held in a form that could be processed by an unauthorised person, nor that it should be stored on a shelf from which it can be removed without any record of who has taken it, and for what purpose and on whose authority it was taken.

“The frequency of recent announcements about the loss of personal data by different Government departments suggests a systemic failure of data protection and security engineering within the public sector.”

Notes for editors

  1. The Academy's report Dilemmas of Privacy and Surveillance was published in March 2007.
  2. Founded in 1976, The Royal Academy of Engineering promotes the engineering and technological welfare of the country. Our fellowship - comprising the UK's most eminent engineers - provides the leadership and expertise for our activities, which focus on the relationships between engineering, technology, and the quality of life. As a national academy, we provide independent and impartial advice to Government; work to secure the next generation of engineers; and provide a voice for Britain's engineering community.