I doubt Capt Badger's laptop would be above Restricted. The man is clearly a fool anyway.
There are further questions about the 600,000 records lost however. I did the security officer course and subsequent secondary duty (pain in the arrse, RAF police are the best friends you will ever have in this thankless task). It was my job to know at least a little about the JSP 440. So I was left scratching my head, following my letter from MoD saying my details were lost:
- individual protective marking of records: surely Restricted-Staff.
- aggregate protective marking of entire database: I would say Secret (given the tests for protective marking), at least Confidential. Not to be on a bog-standard laptop or IT system.
- Need to hold data: My lost record is 10 years old. I have a corresponding Service record. Is there any need to keep both? If you don't need it, destroy it (and ensure a destruction certificate etc). At the very least, my record should have been archived.
- "Need to know": Does anyone need to have download access to 600,000 records?
- Laptop authorisation: I used to have to sign a Restricted laptop out in advance. Pain in the backside for NATO meetings especially! Who was responsible for the establishment IT security procedures? Normally the CO - in name only - delegated downwards.
- All of the above. We know a hapless matelot left a laptop in his car at the first sniff of rum on a barmaid's apron
. Walk the plank he should, but the ship is leaking big time, the fish is rotting from the head down etc.... This was not an opportunistic theft (as my letter spun it) or down to an individual error of judgement. Security is supposed to be multi-layered, to prevent one individual making such a mistake.