Scottish police have been embarrassed by the appearance at a confidential laptop bought at a car-boot sale.

The laptop contained road accident crash victim pictures, according to the BBC. The Lothian and Borders Police had disposed of the unwanted device through a third-party "specialist" firm, it said. It was bought at a Glasgow car boot sale by a computer engineer. The computer's hard-drive also held data on 200 police officers and yet the system was not password-protected.

Lamentable laptop computer security seems to be a fact of life these days. Consider:

  • Motorola: "Just recently, for example, two laptops stolen from a human resources service provider put the names and Social Security numbers of Motorola employees at risk. At Wells Fargo last fall, information on thousands of the bank's borrowers was compromised when three laptops were stolen from a subcontractor. In both cases, the data wasn't encrypted." (July 2005)
  • SAIC: "US government contractor Science Applications International (SAIC) has reported a break-in at its headquarters during which laptops containing personal information about its stockholders were stolen." (February 2005)
  • Hewlett Packard: "The personal information of 196,000 Hewlett-Packard employees has been put at risk after a laptop containing the data was stolen last week." (March 2006)
  • McAfee: "Only weeks ago, another tech company, McAfee, admitted it had lost personal records relating to 9,000 of its employees, after an auditor left a data CD in the seat-back pocket of an airliner."

Lothian and Borders Police should know all about mobile computer device security. The force recently started using PDAs instead of paper notebooks whilst talking to witnesses, etc. It seems obvious that they should delete files from the hard disks of their systems rather than sending them to an unreliable third-party. Apparently not.