Dear Chief Secretary to the Treasury,
I'm afraid to tell you there's no money left.
Signed, Liam Byrne

(Outgoing Labour Chief Secretary to the Treasury. May 2010)
.
.

Monday, 24 August 2009

Database breached by at least 34 local authorities

.
Henry Porter in the Guardian discovered a little-read report in Computer Weekly, which he reported in his article "Nine sacked for breaching ID card database"

Computer Weekly itself reports that staff from at local authorities have accessed the DWP site and that:-

Computer Weekly has established that staff from at least 34 local authorities have misused the Department of Work and Pensions' (DWP) Customer Information System (CIS) database to look up personal details of the public.

The database, which holds 92 million records on the population, underpins the government's ID card programme. It stores sensitive data such as ethnicity, relationship history and whether someone is being investigated for fraud.

Nine staff have been quietly sacked from their local authority jobs for abusing the database, nine have been given official warnings, two have been suspended, four resigned and six had their database access privileges removed, Freedom of Information requests lodged by Computer Weekly have revealed.

But none of the local authorities have chosen to bring prosecutions against their staff for abusing their access to the CIS database.

So if you illegally access the database to find personal information about your friends, neighbours or celebrities you should do it during working hours, because the worst penalty you can face is losing your job.

In case you didn't spot the link to the list of breaches it's here

These people looked at the personal details of
* friends,
* neighbours,
* work colleagues,
* celebrities,
* acquaintances,
* "someone I knew"
* benefits claimant
* family
*partner

There is also an instance of an individual looking up "friend's father's address" - with goodness knows what consequences.

Also picking up the story is www.PublicService which reports that :-
The CIS database holds 92 million records on the population. It stores sensitive data such as ethnicity, relationship history and whether someone is being investigated for fraud. As part of its terms of use, the Department for Work and Pensions (DWP) – which is the lead department for the system, warned that it may prosecute staff who access files they are not entitled to see. The DWP can also remove access to any council who is considered to be abusing it too much.
Let's play the last bit again :-
The DWP can also remove access to any council who is considered to be abusing it too much.
Too much?

Too much!

They shouldn't be "abusing it" at all!

Could a violent misogynist avoid prosecution by saying, "I didn't abuse my wife too much!", or a paedophile get away with, "I didn't abuse the child too much!"?

No, of course they couldn't, and DWP should be ashamed.

Any data we give the government and its' many agencies is provided on the understanding that it's kept safely. It shouldn't be copied onto CDs or datasticks and left on the train, and nor should anybody's personal information be picked over by government employees who've got nothing better to do with themselves when they're "at work"!

This "secure" database has developed more holes than the Jumblies' sieve!
.

No comments: