Lost USB drive leads to lost contract

USB memory stick

PA Consulting, the firm that misplaced a USB memory stick containing the unencrypted personal details of convicted British criminals, has had its £1.5 million contract with the UK government terminated.

The British Home Office sent the sensitive data via email to PA Consulting in encrypted form, but it was then copied – unencrypted – to a USB data stick that was subsequently lost.

Home Secretary Jacqui Smith says that PA Consulting’s remaining contracts – worth some £8 million a year – would be reviewed.

“Our investigation has demonstrated that although the information was transmitted in an appropriately secure way to PA Consulting and fed to a secure site, it was subsequently downloaded on to an insecure data stick and that data stick was then lost,” she was reported to have said.

It’s no surprise that the Home Secretary is taking a “zero tolerance” approach to firms being careless with personal information, after a string of high profile incidents.

Internal documents from the Association of Chief Police Officers (ACPO) leaked to The Daily Telegraph newspaper have revealed that the USB memory stick was lost after it was put in an unlocked drawer over the weekend by a female employee of PA Consulting.

A confidential briefing note from ACPO president Ken Jones to Andrew Hooke, the chief operating officer of PA Consulting, “expressed his deep dismay at the loss of such data and highlight the potential risks to the public that this may bring.”

Too right mate. It is alarming how many of these accidental data loss incidents are coming to light – all of which could be mitigated by best practices such as ensuring that all sensitive information is properly encrypted.

* Image source: James F Clay’s Flickr photostream (Creative Commons 2.0)