The Government and Data Protection

Only yesterday was I watching a programme featuring a story about how Customs and Revenue were doing things like assigning National Insurance numbers to people despite them already being used and sending out someone's complete history of confidential details to the wrong person and getting outraged about their incompetence (I've worked for two branches of the civil service and can say with some knowledge of the subject that they're useless, not generally because the staff are incompetent, but because they're often under-resourced, under-staffed, with a lack of training and support and no motivation, added to which management with no clue seem to be on a mission to make their lives harder).

So when I read an article stating that Revenue and Customs had managed to lose data, including banking data, for every family in the UK with a child under 16 I was doubly outraged. For starters, why the hell was the data on a disk at all? Why was it taken outside of a secure environment, why was it not carried as if transferring weapons? Well, it was sent to the National Audit Office by unregistered internal mail. Not a good advert for the carrier, TNT. The chairman of HMRC (Her Majesty's Customs and Revenue) did have the good sense to resign at least.

This from the government that wants to setup a national ID database, on a technical standpoint the government does not have a good record of delivering large IT projects on time or budget, or even working properly, so I was amongst the many who were dubious they could pull it off for the estimates they have been parading. Try tripling it and you might get somewhere near the actual figure. Speaking about today's leak Shadow Chancellor George Osborne said 'it was the "final blow for the ambitions of this government to create a national ID database" as "they simply can not be trusted with people's personal information"'. I tend to agree.

Liberal Democrat Acting Leader Vince Cable is quoted as saying:

"Why does HMRC still use CDs for data transmission in this day and age? The ancient museum pieces it is currently using for computing must be replaced.

"After this disaster how can the public possibly have confidence in the vast centralised databases needed for the compulsory ID card scheme.

"Where does the buck stop after this catalogue of disasters?"

The Information Commissioner, mind you, only managed:

"This is an extremely serious and disturbing security breach."

No shit, Sherlock. It's your job to make sure people keep data safe, if it was a company I would be expecting huge fines, a probation period and threats of jail time. For a government department I'm expecting people to get fired, a full investigation with a public answer and an apology.

I'm not normally so reactionary about these sorts of things, the MOD loses laptops with sensitive data on with such regularity it's a joke, we're all human at the end of the day, but as identity fraud seems to be the biggest growing, and a frighteningly easy, form of crime at the moment (and having had a relative suffer from it recently) I am very sensitive to restricting access to my data, but it's tough to do that when banks and even government departments are throwing data out there for anyone to have due to a lack of training and a blatant disregard for the law and the impact it can have on ordinary people.