The government lost 53 PCs in the last year, meaning one every week, according to alarming figures just released by the Conservative party.
Some 36 Blackberry devices, 30 mobile phones and four memory sticks were also lost, the figures state. They were collated by Conservative shadow housing minister Grant Schapps, from parliamentary written answers.
The Department of Health, in charge of the £12.7 billion NHS programme to digitise sensitive patient records, was the largest culprit, according to the figures, losing 14 PCs. The Department for Children, Schools and Families lost 13 PCs, the Department for International Development lost nine, the Department for Transport five, and the Department of Justice four.
But the Ministry of Defence and the Home Office did not reply to a question asking about lost devices, Schapps said. He called for the government to “urgently review” data security, adding that the government seemed “incapable of keeping our data secure”.
The damning statistics, in a year when Whitehall was also calculated to have lost the personal details of one in every fifteen people in the country, have raised questions over how the government can stem the losses.
Greg Day, analyst at security supplier McAfee, told Computerworld UK that losses were an inevitability but the government had to improve how it monitors and controls data movement.
“What this highlights, is you need to know who is using the devices and why, and what data is on them,” he said. “If that data is sensitive, should it be on the device? If it is on there, it needs encryption.”
Public sector employees needed to be better educated on data protection, he said, and the government needed to understand what data it has, as well as controlling how it is used.
“There are tools that go through and catalogue the data. They can be used alongside data loss prevention tools to control what you can access, when and where, according to policy. Device control technology can limit data leakage on removable devices, and encryption can help prevent unauthorised people from accessing the data if it is lost,” he said.
Philip Wicks, at IT services supplier Morse, agreed that better controls were needed, adding it was not realistic to prevent people using removable devices.
The government taken sensible steps by moving data between local authorities and Whitehall on secure private networks and the Government Secure Intranet, and by moving away from mobile devices carrying sensitive data, he said, explaining that this was a good example the private sector should follow.
But he added: “The best way to protect data [for people on the move] for both public and private sector companies is to put the right policies and procedures in place, enforce them and use technology such as encryption.”