50,000 Staff Files stolen from Innsworth
Bigt wrote:
I suspect they are trying to save on postage by only replying to those people who have contacted them in the first instance. I have still not received a reply to my enquiry and the clock is ticking down for them to respond. I've copied the following quote from the SPVA's own web-site:
"Our Mission : To deliver reliable, trusted and efficient personnel services to the Serving and Veterans communities.”
Shows they really care!
Has anyone been contacted by the `powers that be` without themselves contacting the `powers that be` in the first place re this theft?
"Our Mission : To deliver reliable, trusted and efficient personnel services to the Serving and Veterans communities.”
Shows they really care!
Join Date: Oct 2007
Location: north of london
Posts: 4
Likes: 0
Received 0 Likes
on
0 Posts
Hello
First post on here from a long time lurker. Sent this letter to SVPA recently:
"Please inform me what data relating to me was on the storage devices recently reported in the press as being stolen from SPVA Innsworth.
My service number was XXXXXXX I retired on XXXXX as a XXXXX. My address (above) is that to which information on my RAF pension is sent.
As requested by your helpline operator yesterday I attach copies of two items of identity/address confirmation. I do this under protest. In circumstances such as these the data owner/holder (ie SPVA) should immediately and automatically forewarn all those possibly subject to data compromise, at their last recorded address. Further specific information should be provided as the investigation progresses. It should not be incumbent on those at risk to have to request information and to provide proof of address or identity.
My costs in this matter to date are:
Time:
Follow up internet search after release of story for more specific details; identification of help line number: 30 minutes
Conversation on helpline: 5 minutes
Preparation of this letter: 10 minutes
Journey to post box (return) 15 minutes
Total 1 hour. At my current charging out rate of £200 per day = £25
Direct costs;
Postage: £0.34. PC ink/paper £0.16. Total £0.50
Please attach your remittance of £25.50 to your response to my request for information, or pass this letter (as a bill) to the department responsible for this debacle (ie not necessarily the one that lost the hard drives, but the one who should have implemented a better follow up/damage limitation process that conformed to the Data Protection Act in the context of loss or compromise of personal information)."
I don't hold out much hope for a repayment of costs - its the bl**dy principle of having to ask for details that stinks. When the DHSS or whatever it's called nowadays "lost" details of Child Benefit Recipients not long ago they wrote to them all individually.
(former) Stacker
First post on here from a long time lurker. Sent this letter to SVPA recently:
"Please inform me what data relating to me was on the storage devices recently reported in the press as being stolen from SPVA Innsworth.
My service number was XXXXXXX I retired on XXXXX as a XXXXX. My address (above) is that to which information on my RAF pension is sent.
As requested by your helpline operator yesterday I attach copies of two items of identity/address confirmation. I do this under protest. In circumstances such as these the data owner/holder (ie SPVA) should immediately and automatically forewarn all those possibly subject to data compromise, at their last recorded address. Further specific information should be provided as the investigation progresses. It should not be incumbent on those at risk to have to request information and to provide proof of address or identity.
My costs in this matter to date are:
Time:
Follow up internet search after release of story for more specific details; identification of help line number: 30 minutes
Conversation on helpline: 5 minutes
Preparation of this letter: 10 minutes
Journey to post box (return) 15 minutes
Total 1 hour. At my current charging out rate of £200 per day = £25
Direct costs;
Postage: £0.34. PC ink/paper £0.16. Total £0.50
Please attach your remittance of £25.50 to your response to my request for information, or pass this letter (as a bill) to the department responsible for this debacle (ie not necessarily the one that lost the hard drives, but the one who should have implemented a better follow up/damage limitation process that conformed to the Data Protection Act in the context of loss or compromise of personal information)."
I don't hold out much hope for a repayment of costs - its the bl**dy principle of having to ask for details that stinks. When the DHSS or whatever it's called nowadays "lost" details of Child Benefit Recipients not long ago they wrote to them all individually.
(former) Stacker
Join Date: Jul 2005
Location: South West
Posts: 142
Likes: 0
Received 0 Likes
on
0 Posts
Stacker
I like your approach, billing them for your time. Can't believe they'll take you seriously though, quoting £200 a day for a stacker.
You should have chosen a far lower rate if you wanted to be taken seriously.
N Joe
I like your approach, billing them for your time. Can't believe they'll take you seriously though, quoting £200 a day for a stacker.
You should have chosen a far lower rate if you wanted to be taken seriously.
N Joe
Join Date: Mar 2004
Location: Turks and Cacos
Posts: 324
Likes: 0
Received 0 Likes
on
0 Posts
Received a letter in the post today. Postmarked Gloucester. Thought it was going to be a pay rise or a bonus....but then my hopes were dashed. Oh well never mind.
Not very specific really....
Dear OTTB,
Following your request, we have carried out a search of the information that had been transfferred to the drive; they include general service information relating to your self.
Following your request, we have carried out a search of the information that had been transfferred to the drive; they include general service information relating to your self.
Join Date: Mar 2004
Location: Turks and Cacos
Posts: 324
Likes: 0
Received 0 Likes
on
0 Posts
Another drive missing.........
BBC NEWS | UK | MoD computer hard drive missing
This is taking the pi$$
BBC NEWS | UK | MoD computer hard drive missing
This is taking the pi$$
Join Date: Apr 2005
Location: France 46
Age: 77
Posts: 1,743
Likes: 0
Received 0 Likes
on
0 Posts
Why did it take more than 24 Hrs to issue a statement?
Are MOD going to accept liability for any fraudulent transactions carried out in the period from notification of the loss of data and the statement issued to the Media?
What assistance is being provided for the Families of those on Active Service to help them cope with this situation?
WHY HAVE HEADS NOT ROLLED?!!!!
Rant Over.
Are MOD going to accept liability for any fraudulent transactions carried out in the period from notification of the loss of data and the statement issued to the Media?
What assistance is being provided for the Families of those on Active Service to help them cope with this situation?
WHY HAVE HEADS NOT ROLLED?!!!!
Rant Over.
Join Date: Feb 2004
Location: Wiltshire
Age: 59
Posts: 903
Likes: 0
Received 0 Likes
on
0 Posts
We might as well put our names and addresses, bank details, inside leg measurements etc etc...on the internet. At this rate they are just as safe there are they are with the MOD.........
......how many months before the audit was the drive "lost"?
The MoD said it was told the drive was missing on Wednesday following a priority audit carried out by EDS.
Join Date: Nov 2005
Location: lincs
Posts: 4
Likes: 0
Received 0 Likes
on
0 Posts
Hey all, its been a while since I have been on here and would like to say thanks to all who have contributed to this thread.
I followed the advice given in earlier posts and have just received a letter from AVM Simon Bryant.
The crux of it reads:-
"Following your request, we have carried out a search of the information that had been transferred to the drive; they include medical casework information relating to yourself"
blah blah please accept my sincere apologies on behalf of the Ministry of Defence.
I am absolutley gutted how this could have happened. The Royal Air Force has let me down badly. Any advice from senior officers welcome.
I followed the advice given in earlier posts and have just received a letter from AVM Simon Bryant.
The crux of it reads:-
"Following your request, we have carried out a search of the information that had been transferred to the drive; they include medical casework information relating to yourself"
blah blah please accept my sincere apologies on behalf of the Ministry of Defence.
I am absolutley gutted how this could have happened. The Royal Air Force has let me down badly. Any advice from senior officers welcome.
Join Date: Feb 2004
Location: Wiltshire
Age: 59
Posts: 903
Likes: 0
Received 0 Likes
on
0 Posts
Data Protection Act
Complaints section - Information Commissioner's Office
Looks easy enough to do and can be done via e-mail.
The Act works in two ways. Firstly, it states that anyone who processes personal information must comply with eight principles, which make sure that personal information is:
Fairly and lawfully processed
Processed for limited purposes
Adequate, relevant and not excessive
Accurate and up to date
Not kept for longer than is necessary
Processed in line with your rights
Secure
Not transferred to other countries without adequate protection
Fairly and lawfully processed
Processed for limited purposes
Adequate, relevant and not excessive
Accurate and up to date
Not kept for longer than is necessary
Processed in line with your rights
Secure
Not transferred to other countries without adequate protection
Should an individual or organisation feel they're being denied access to personal information they're entitled to, or feel their information has not been handled according to the eight principles, they can contact the Information Commissioner's Office for help.
Looks easy enough to do and can be done via e-mail.
Join Date: May 2004
Location: Up North
Posts: 801
Likes: 0
Received 0 Likes
on
0 Posts
Note that there are now three data losses. The Information Commissioner held that the MoD was not in compliance with the Data Protection Act (third and seventh principles) and issued an enforcement notice, with the requirement for 3 monthly monitoring reports. MoD issued a response to this, detailing how the 51 recommendations of the Burton report (response to data loss 1) would be addressed. Information Commissioner also took account of Article 8 of ECHR.
The issue of compliance and non-compliance is not in doubt: MoD was not compliant with the DPA when these losses occurred. A key issue is how the implementation of the Burton recommendations was being carried through. Was anything kicked into the long grass due to costs? Was there an immediate tightening of procedures, or did they sit with the proverbial thumb inserted over the summer? Do these data losses even precede data loss 1 ie. not picked up until now - what is the chronology?
It is clear that MoD are liable for compensation claims for damages arising from data loss 1 and will probably be liable to claims arising from these second losses. The Information Commissioner found that distress had occured, but compensation is normally only payable for distress when damage has occured as well. I do wonder how restrictive the "normally" caveat is...perhaps it needs tested in court!
http://www.ico.gov.uk/upload/documen...d_en_final.pdf
http://www.mod.uk/NR/rdonlyres/F0437...an20080625.pdf
http://www.ico.gov.uk/upload/documen...sation_2.0.pdf
The issue of compliance and non-compliance is not in doubt: MoD was not compliant with the DPA when these losses occurred. A key issue is how the implementation of the Burton recommendations was being carried through. Was anything kicked into the long grass due to costs? Was there an immediate tightening of procedures, or did they sit with the proverbial thumb inserted over the summer? Do these data losses even precede data loss 1 ie. not picked up until now - what is the chronology?
It is clear that MoD are liable for compensation claims for damages arising from data loss 1 and will probably be liable to claims arising from these second losses. The Information Commissioner found that distress had occured, but compensation is normally only payable for distress when damage has occured as well. I do wonder how restrictive the "normally" caveat is...perhaps it needs tested in court!
http://www.ico.gov.uk/upload/documen...d_en_final.pdf
http://www.mod.uk/NR/rdonlyres/F0437...an20080625.pdf
http://www.ico.gov.uk/upload/documen...sation_2.0.pdf
Join Date: Aug 2006
Location: firmly on dry land
Age: 81
Posts: 1,541
Likes: 0
Received 0 Likes
on
0 Posts
Jess, scanned the Burton report. I know at least one item that has not got this far down the tree - CD and Floppy audits.
I asked the question before June about allowing Atlas to walk off site with the old HDD and was told 'no problem.'
Not now there isn't, they won't!
I asked the question before June about allowing Atlas to walk off site with the old HDD and was told 'no problem.'
Not now there isn't, they won't!
Join Date: Jul 2005
Location: South West
Posts: 142
Likes: 0
Received 0 Likes
on
0 Posts
Same MOD, Different Rules?
How come the MOD (SPVA) won't tell me if they've lost my data without hard-copy photo ID but the MOD (Recruit Data) were quite happy to respond following e-mail validation of identity?
Thank you for your e-mail response.
I have checked the database and can confirm that your information is not stored on it in any form.
As a negative trace has been returned we do not have any information to send you and therefore trust that this satisfies your query.
N JoeI have checked the database and can confirm that your information is not stored on it in any form.
As a negative trace has been returned we do not have any information to send you and therefore trust that this satisfies your query.
I don't own this space under my name. I should have leased it while I still could
Joe, was that data loss 1 (recruit) rather than data loss 2 (records) or data loss 3 (everybody else?)?
Join Date: Aug 2006
Location: Middlesbrough U.K.
Age: 86
Posts: 360
Likes: 0
Received 0 Likes
on
0 Posts
When I came out of the R.A.F in 1961 all I came out with was a pair of P.T shorts and a pair of work boots. I hope they don't ask for them back. I've still got the boots.