A DNA data disc that was possibly lost has let serious offenders escaping from the Netherlands to commit further crimes in Britain.
The government is being urged to explain why a data disc, containing DNA profiles of 2,000 offenders whom the Dutch authorities wished to trace had been missing for almost a year.
The latest data controversy to hit the government came about after the Dutch authorities tried to track down 2,000 Dutch citizens who were on the run after committing serious crimes. In January 2007, they sent a disc containing the DNA samples of the offenders to Britain's Crown Prosecution Service (CPS) to be checked against the national DNA database.
But, the disc was not acted upon and possibly mislaid for a year before being found and sent to the National Policing Improvement Agency (NPIA), the overseer of the DNA database. The checks started this month and 15 matches have been found, including 11 who have committed further crimes in Britain during the past year.
In a statement, the CPS confirmed that DNA profiles of around 2,000 unknown individuals were sent by a foreign jurisdiction to the CPS to facilitate a check against the national DNA database.
"It is not a data security issue, as this information was always in a secure building, and did not leave the possession of the CPS," said the statement. "As this information necessarily relates to ongoing police investigations, it would be inappropriate to provide any more detail at this stage."
Security experts have called on the government to fix its security processes, in the light of this latest data scandal.
"This is the latest in a long list of missing disks and reinforces the immediate need for an overhaul of the government’s security and data transportation methods. To allow a disc containing such important information get lost in the system is unforgivable. The information on these disks is vital for the protection of UK citizens and aggressive steps need to be taken to ensure this problem is stopped once and for all," said Kim Camman, product development manager at mobile device encryption specialist SafeBoot, a McAfee company.
"Without implementing the necessary security procedures to protect this data in transit, we will continue to see these type data blunders," said Alan Bentley, vice president of Lumension Security, formerly PatchLink.
Bentley added the government and law enforcement agencies need technology and processes to support safe movement of data. "It requires every employee to buy into the change – and this process can take months rather weeks. If the government does not start to address its best practice procedures for taking control of data flow between internal departments immediately, it will suffer a serious vote of no confidence from its European neighbours when it comes to tackling crime."
Simon Forster, consultant at Morse, added: "This is a classic data management issue. Organisations should be putting processes and technology in place to ensure this kind of thing doesn't happen. When a disc, document or anything else containing data comes into an organisation it needs to be logged and then managed. Organisations should be putting workflow technology in place to ensure that when it receives new data, the right people are made aware of its existence and there is a process in place to ensure that any actions pertaining to that data are dealt with. The technology to do this is readily available. It’s just a case of putting in place best practice processes and then implementing the technology to underpin them."
The Conservatives called for Home Secretary Jacqui Smith to come before MPs and give a Commons statement on when ministers learned of the latest data error.