UK: Lost files and data protection
01 December 2007
On 17 December 2007 the UK Transport Minister, Ruth Kelly, announced that the records of over 3 million driving test applicants - including their names, home addresses, e-mail addresses and telephone numbers - had been lost in Iowa in the USA. The hard drive with all the data was lost after it had been taken to Minnesota to be backed-up. The UK data was held at the "worldwide data centre" in Iowa of the global multinational Pearsons (USA) - Pearson Driving Assessments Limited which got the contract is registered in the UK. See: Three million L-drivers hit in lost data fiasco
(Daily Telegraph, link) and Personal details of millions of learner drivers lost by contractor in Iowa
In November Raytheon Systems Ltd of the UK headed a consortium which won a £650 million Home Office contract to track, profile and check against "watch-lists" everyone entering and leaving the UK - see Trusted Borders
(pdf) The parent company Raytheon USA, has 73,000 employees world-wide and describes itself as: "a technology leader specialising in defence, homeland security, and other government markets throughout the world. With a history of innovation spanning more than 80 years, Raytheon provides state-of-the-art electronics, mission systems integration, and other capabilities in the areas of sensing; effects; command, control, communications and intelligence systems."
See: We must not tolerate this putsch against our freedoms
by Henry Porter (Observer, link)
Tony Bunyan, Statewatch editor, comments:
"The loss of personal data of 3 million people, following the loss by the UK's Revenue and Customs loss of 25 million personal records, raises serious questions about data security.
However, another arises when personal data gathered in the UK, under government contract, is held in the USA. We know from the money transfer SWIFT scandal and the EU-PNR personal data transfer scheme that any data held in the USA can be made available to US security and law enforcement agencies in connection with any violation of US law. So it has to be asked: What data protection rights do people in the UK have over the use, processing and further transfer of their data if it is held in the USA?"