Friday, November 23, 2007

Missing disks

It is very big news in the UK this week that HM Revenue and Customs have lost two cds containing benefit details of 25 million people when posting them to the National Audit Office. There are lots of news articles, but this one from the BBC is a good place to start.

I think there are a number of worrying things about this case. Not particularly that the disks got lost, as that is entirely predictable. I would expect arrangements are made to minimise the likelihood of it happening, but it can never be zero.

Instead I am concerned that little effort seems to have been made to have protected the data. As I understand it was not encrypted, so could be quite easy to extract by someone who knew what they were doing. Also, some of the data was not necessary but it was considered too expensive to remove it. I would have thought the need to send this type of information to the National Audit Office would be known, and hence that databases etc. would have been set up to allow it to happen safely and easily. It seems that is not the case.

I am also dismayed that the government are so quick to deny systemic failures and blame junior members of staff for not following procedures. What a terrible attitude towards organisational responsibility.

Andy Brazier

No comments: