Thursday, May 27, 2010

Mistakes, far too frequent mistakes.

Credit card companies, for all they occasionally get stung by identity thieves tend to be very, very careful with their customers details, they don't put them on disks or sticks (encrypted or not) and they don't leave them on laptops in taxi's. Nor oddly enough do they post your details to someone else. Yet the civil service of this country seem to have no qualms whatsoever about doing this to all and sundry.

BBC.
The private financial details of up to 50,000 people who claim tax credits have been mistakenly sent out in the post by HM Revenue & Customs (HMRC).
Claimants were sent their annual tax credit award notice, along with personal details of other claimants.
One woman from Hyde in Greater Manchester has told the BBC her letter included her neighbour's earnings.
She also got the bank sort code and the last four digits of the bank account number of another claimant.
The HMRC said it would be apologising to all the people affected.
"Unfortunately an error has occurred in one of the tax credits print runs causing some customer information to be wrongly formatted," said a spokeswoman.
"Investigations are underway to identify the cause of the problem and we will be contacting affected customers in writing this week, apologising and providing a corrected award notice.
"An initial analysis shows that ID theft could not result from this printing error," she said.
No doubt, "Lessons will be learned™" and no doubt it will happen again and again at least until they start sacking some people (complete with civil service union strikes and no doubt SWP solidarity rioting during negotiations) The problem is that the public sector through various means have managed to disconnect action from reaction, there are rarely consequences to their actions and never dismissals for actions that in the private sector would do so possibly with criminal proceedings. Until the realisation gets to the civil service that "heads will roll" should people's data be treat with respect and security then I expect the Cameron/Clegg coalition to be irritated by these scandals on a regular basis.

Simply not good enough no longer works with me for this sort of thing.

5 annotations:

John R said...

Since the new government is barely in place I think the Minister in charge can sensibly claim that the problem will be looking into and "lessons will be learnt" (I know, I know) before setting up the usual inquiry.

I absolutely agree with you that to make the point that this is a new world, where personal data is considered to be of importance, there should be senior level sackings in the department, pour encourager les autres.

There have been enough government failures in the last few years for everyone in the Civil Servcie to have been aware of the problem. Pretneding they dont know what is expected of them is no longer possible. For any group (inc HMRC) not to have already put the correct processes in place to prevent this type of error is no longer acceptable. Heads, senior ones, now have to roll as a result.

It's new broom time.

Anonymous said...

Oh Dear you do live in a strange world.
I have just received my credit account agreement (it wasn't an agreement at all as it turns out just a load of terms and conditions that came into being over 10 years after the card was originally taken out! So the agreement doesn't exist) and with the scanning retrieval record for my account there were three other retrieval records relating to three separate individuals who have six cards between them.

I am not naming the bank as I am about to shaft them big time but I now possess three individuals identities along with their credit card numbers so I could if I was so minded sell them on to the local drug barons or but things on this interweb thingy or even over the telling bone and these poor people would be none the wiser.

Once the bank has been shafted I will of course be contacting the individuals directly to inform them of what the bank has done.

You are right though there is no such thing as a secure personal database when the people accessing such databases are numpties!

Quiet_Man said...

@ anonymous,

Well seems I was wrong about the credit card companies, however at least you are free to shaft them. Try that trick with the government and you might just struggle, though it isn't impossible.

James Higham said...

It's partly the people at the top and partly the people they employ at the lower echelons. Civil service workers are a different brand to private - I've worked in both.

tris said...

I agree with every word QM, except that I too have been sent other people's details by private companies and have visited websites where, once you press the "buy" button you are taken to a page where the last purchaser's details are still visible.

I ended up being epals with a guy in Montréal, and another in California because I contacted them (on email addresses which were stuck in the system) and they got in touch with the companies. I bought absolutely NOTHING of course.

But you are right. With companies you can do something... they might even possibly give you something for free... with the government you get what we have all come to expect from the government.