Laptop Donations (454A/21)
Request
While it is welcome that you are donating unused laptops to schools – as per today’s press release https://www.westmidlands-pcc.gov.uk/laptops-donated/ – I have some concerns about data security, particularly in light of the notebook stolen from a police car last year, endangering the safety of witnesses, which I would not wish to see repeated. Could you please therefore answer the following questions:
- Do/did the hard disks contain(ed) data that is/was protectively marked or classified as OFFICIAL, SECRET or TOP SECRET?
- Are/were the hard disks encrypted, and if so, to what standard of compliance?
- Were the laptop hard disks removed and destroyed, and if so, to what standard of compliance? (If the hard disks remain in the laptops then…)
- Is a user required to enter a ‘BIOS password’ or similar pre-boot credentials before any of the laptops boot into the operating system stored on the hard disk?
- Have any accounts and cached credentials on the laptops been secured against brute force attack and other kinds of attack, and if so, how?
- Have any laptop network connections been secured against unauthorised connectivity or attack, and if so, how?
- Have any physical laptop connections and ports such as USB ports been secured against unauthorised attack, and if so, how?
- Have school IT administrators been issued with instructions as to how to repurpose the laptops securely, and if so, please can we see these instructions?
Response
Please find attached our response.
Every effort is made to ensure that the figures presented are accurate and complete. However, it is important to note that these data have been extracted from a number of data sources used by forces for police purposes. The detail collected to respond specifically to your request is subject to the inaccuracies inherent in any large scale recording system. As a consequence, care should be taken to ensure data collection processes and their inevitable limitations are taken into account when interpreting those data.
The figures provided therefore are our best interpretation of relevance of data to your request, but you should be aware that the collation of figures for ad hoc requests may have limitations and this should be taken into account when those data are used.
If you decide to write an article / use the enclosed data we would ask you to take into consideration the factors highlighted in this document so as to not mislead members of the public or official bodies, or misrepresent the relevance of the whole or any part of this disclosed material.