UK Government stands by security of ID cards data plans
The government has defended security measures for its £5.6 billion ID cards scheme in the wake of the data loss crisis at HM Revenue and Customs.
HMRC admitted that records of 25 million people -- including bank details, addresses and other confidential information -- were on computer disks lost in transit to the National Audit Office. The loss -- Britain's biggest security breach -- was seized on by opponents of the ID card scheme. They said the government must think again about the ID card programme and its underlying national identity register in the light of the HMRC debacle.
The UK Identity and Passport Service acknowledged today that concerns over the safety of ID card data "have been raised" and were being taken seriously. "Security is absolutely crucial to the ID cards scheme and measures will have to be assessed by the government's security advisers before it can start operation," a spokesperson said.
He added that in addition to the Information Commissioner's Office -- which is set to be given extra powers following the HMRC fiasco -- the IPS would also be regulated by a separate identity scheme commissioner.
The two watchdogs would work together, he said, with the ICO focusing on Data Protection Act requirements and the identity scheme commissioner "making sure we're only doing what's set out in the ID Cards Act and that we are within the spirit of the act.
"If anything goes wrong, two sets of bricks will come down on us," he added.
The IPS emphasised that the national identity register (NIR) would be designed "afresh" to hold only core identity information and biometrics. "It will not hold tax, benefit or other financial records," the spokesperson said.
"It is planned to hold biometric information on a separate IT infrastructure from biographical data, such as names and address, where it is intended to reuse current Department of Work and Pensions IT infrastructure which already has the biographical data for most UK residents."
He added: "The NIR will have comprehensive audit and alert systems and a range of technical controls in place which allow any activity on the system to be audited and an alert raised if unauthorised access or actions are attempted."
Dual or multiple access controls would be put in place for key functions and the number of staff able to see a person's entire identity documentation or make changes to it would be limited, with these staff going through security vetting, the IPS said.
Requests for NIR information for would have to go through a number of intermediate systems and filters to ensure only authenticated and authorised requests could get through.
The Identity Cards Act also included a measures making it a criminal offence to attempt to compromise the NIR internally, the IPS spokesperson said.
Attempts to tamper physically or technically with the NIR could lead to a sentence of up to 10 years, while any unauthorised disclosure of information from the NIR by staff could bring a two-year jail term.
- +
The 2007 security hall of shame 27 December, 2007 07:47:46
Bad breaches, ghastly gaffes and five people we'd like to forgetHow bad was 2007 for breaches, vulnerabilities and similar mayhem? On the bright side, it was better than 2008 is forecast to be. With more of every sort of meltdown predicted -- more criminalization of the hacker community, more Web-application attacks, more phishing, more spamming, more zero-day attacks and more virtualization-related threats -- we're happy to tell you that you are likely to look back on 2007 as the peaceful old days. - +
Five data leak nightmares 08 January, 2008 10:20:34
When Home Depot lost a laptop containing personal information on 10000 employees, it was just the latest in a string of high-profile data-leak incidents.Data breaches cost companies an average of US$197 per record in 2007, according to a study by the Ponemon Institute. The average cost of a data breach was US$6.3 million, up from US$4.8 million in 2006. - +
ARN's A-Z guide to networking 19 December, 2007 14:50:54
As business needs change, so do the requirements for the business backbone. ARN looks at networking trends and technologies and reports on predictions for 2008 and beyond. - +
Bill Gates: A New Approach to Capitalism in the 21st Century 28 January, 2008 07:12:19
Transcript of Gates speech, and a Q&A at World Economic Forum in Davos, SwitzerlandAs you all may know, in July I'll make a big career change. I'm not worried; I believe I'm still marketable. I'm a self-starter, I'm proficient in Microsoft Office. I guess that's it. Also I'm learning how to give money away.
Click here for case studies, whitepapers and other useful vendor content 
ARN Panel Sessions: Day 3The last of our panel sessions recorded live at CeBIT 2008. Today, the topic is storage. Data is growing at an enormous rate, so what does the future hold?
Intel launches sales of the Core i7 processor Several hundred PC hobbyists came to Tokyo'a Akihabara electronics district late Saturday night as Intel kicked off worldwide sales of its new Core i7 processor.
Electronic voting in U.S. electionDoubts about voting machines are lingering in the minds of many Americans as they head to the polls.
When an IT disaster occurs, how handy it would be to push a button and start again as if nothing had happened.
Discover and learn more about CA XOSoft today.
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 20 November, 2008 17:34:00
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 20 November, 2008 12:06:00
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 20 November, 2008 12:04:00
NetApp Named 2008 Citrix Ready Solution of the Year by Citrix Systems 20 November, 2008 11:33:00
Extreme Networks Ethernet Transport lowers total cost of ownership for carrier metro networks 20 November, 2008 10:21:00
Understanding Email Marketing: A Guide for SMBs
Email marketing is often viewed as a marketers silver bullet. If used effectively, email campaigns will provide strong results for a limited spend each and every time. Download this white paper to discover how email marketing can work for you and your business.
Buying Guides
Latest Products
