Sitewide
RSS Feed:
Crap Government IT Rules OK? Oh well, pass the biscuits.
 |
By: Nigel Stanley, Practice Leader - IT Security, Bloor Research Published: 20th November 2007 Copyright Bloor Research © 2007 |
 |
Delicious
Digg
reddit
Facebook
StumbleUponAs I sit writing this rant I can feel the collective blogsphere seething at news that HM Revenue and Customs have managed to lose millions of child benefit records - up to 24 million according to BBC News at the time of writing.
Apparently the data, on CD, was lost as it was being couriered to the National Audit Office (Why by the way?). Apparently the discs were "password protected" but I haven't seen mention of the "encryption" word yet. I assume the data was not suitably encrypted, if it was then the loss would have been an irrelevance and the data safe and sound.
I have written so many lines covering data leak prevention and loss protection that I am starting to see double. I'm currently researching over 70 vendors that have products that prevent data going missing (data leak prevention) or encrypt it so that if it does go missing it is protected (data loss protection). Almost anyone of these vendors could have flogged HMRC a product that could have saved them a lot of pain today, and it is appalling to hear of such a data loss.
For heavens sake, you can pop down to PC World and buy an encryption product for the price of biscuits at a civil service meeting.
Enough must be enough.
The loss of 26.5 million war veterans' data from the United States Veterans Association a couple of years back when a laptop, containing unencrypted data, was stolen in a burglary is often cited as the event which changed a lot [but certainly not all] of organisational attitudes to data encryption in the US, but we obviously have a long way to go.
With a government intent on building ID and DNA databases I shake my head in horror at the sheer incompetence of those charged with designing, implementing and managing the systems. Of course there must be pockets of excellence in government IT that are as freaked out as I am about this news, but I believe them to be a shrinking minority.
I really hope that this disaster is the beginning of a change in attitudes to data protection in the UK and the importance of data leak prevention and loss protection. Somehow I think I may be disappointed though.
Anyone for another Jaffa Cake?
Reader Comments
We are no longer accepting comments against this item. We suggest contacting the author directly.
20th November 2007: 'Sean' said:
This is utterly appalling.
Everywhere says ID theft is on the increase and the government misplace millions of records!
What is this country coming to?
20th November 2007: 'John Stelling' said:
Okay the government screwed up. What about the courier? Surely they are to blame too.
21st November 2007: 'Jerome' said:
And we are supposed to trust these jokers with a complete national identity database with all our personal information in one central place? They must be joking!
21st November 2007: 'Del' said:
I carry no brief for HM Government on this, but it was a bit ironic to hear the Conservatives' outrage at this lapse of data protection. After all, their own recent policy review announced pledged them to cut back the UK's data protection laws if they ever get back in office.
Presumably that particular brainwave will be allowed to die quietly now under the cover of obvious public disquiet with HMRC.
21st November 2007: 'Peter Abrahams' said:
If a relatively junior employee was able to create a copy of all the data and pop it in the post can we be sure that he or someone else has not created a copy and just put it in their briefcase?
If we cannot be certain we have to assume it has happened, now what?
22nd November 2007: 'Dave Nesbitt' said:
The blogosphere is certainly seething and quite rightly so. It's simply ridiculous. Three things need to come out this: we private citizens need to understand the value of their private data to fraudsters and hang onto it when they can; organizations that train us to hand over our privacy and then store our ID data insecurely need to wise up before they are the next ones making the headlines; the UK Government needs to give up the ridiculous idea that is the ID Card database.
http://icanhasidentity.wordpress.com/2007/11/22/sober-reflections-on-the-child-benefit-agency-debacle/
11th January 2008: 'wtsurview?' said:
THe most obstructive degrading untrustworthy people and they all seem to be running the country ,I personally love ,with a constant stream of mistakes and corruption what did my grandfather fight for ? disgusted is one word that comes to mind. As I am a 18 year old that should be more bothered about whos going to be playing the next big gig's ,or when my team are going to make the big four in the premiership (or the FA)and not politic's i feel WE HAVE A SERIOUS PROBLEM. will anyone listen .... NO!
The messages above were all contributed by IT-Director.com readers. Whilst we take care to remove any posts deemed inappropriate, we can take no responsibility for these comments. If you would like a comment removed please contact our editorial team.