Thursday, October 29, 2009

Here we go again

Not satisfied at losing 25 million child benefit claimant details, nor having the details of 3 million candidates for the UK driving theory test go missing in the USA, Whitehall is warning us of more to come.
Cabinet Secretary Sir Gus O'Donnell said there were "one or two" leaks from areas dealing with national security.
However he said the leaks themselves did not concern national security.
There have been a series of breaches in recent years, including of the entire child benefit records, with the personal details of 25 million people.
Giving evidence to the Commons Public Administration Committee, Sir Gus said he was considering whether the breaches were serious enough to call in the police or the security services.
"There are other areas where there is still information going missing," he said.
Now data security is a hot topic, but it does seem that Whitehall and the civil service in general have a lackadaisical attitude towards the handling of and the access too such data. You might think that they actually have far too much personal data of ours with which to play around with and that it's interlinked in all sorts of ways that aren't strictly relevant to the needs of government.

And you'd be right.

Now I'm aware that the Government and its various departments do need some details of the people who come under their duty of care. However, why do they need so much and why do they keep on losing it? The areas concerned apparently deal with national security, however don't concern national security, so the first thought that runs across my mind is why have such data if it doesn't deal in national security. Is it personal data? Or are they simply reports from other departments?
It seems as if an "I don't care" ethos has spread throughout the civil service, where unencoded cd's with personal data are sent through the post. Laptops are left on trains and departments leak like sieves to MP's and the press. The old adage if you pay peanuts you get monkeys doesn't wash either, most people would take far better care of their personal stuff (although any look into a lost property office would amaze you) I know how to encrypt data, I know not to print out anything that's unnecessary and also how to clear the print cache too if necessary. Systems can be set up to be secure, but unless the whole ethos changes amongst those handling the data the system will fail.

Smaller government will help, dismantling of the database state will help, but most of all cultivating a care for data handling from bottom to top will stop yours and my personal details leaking out either through carelessness or sheer stupidity.

The government should also hang its head in shame for selling such data on to 3rd parties.

The catalogue of shame.

0 annotations: