Government loses 25m records – would you trust them with ID cards?

by Stephen Tall on November 20, 2007

Is there a Richter scale for cock-ups? If so, the Government has just been hit by at least a Factor 9:

Alistair Darling has blamed mistakes by junior officials at HM Revenue and Customs after details of 25 million child benefit recipients were lost. The Chancellor said information, including bank details of 7m families, had been sent on discs to the National Audit office by unrecorded delivery. Mr Darling said it was “an extremely serious failure”.

Of course mistakes happen: you cannot eliminate error, either human or machine. All you can do is minimize it. The Lib Dems have long attacked Labour’s ID card scheme not simply for the personal intrusion of having to carry a bit of plastic if you want to step outside – but because of the huge national database future governments will be building up on all citizens.

Today’s Treasury debacle is another reminder why Labour’s determination to create a database surveillance society in the UK is a privacy disaster waiting to happen.

Enjoy reading this? Please like and share:

18 comments

I don’t support compulsory iD cards any more than you do LDV but I do remember the humungous fuss about CCTV 10 years and more ago and how that has changed.

Even caught a LD councillor turning into a wide-eyed zombie space cadet having set eyes on the “control room”. Ceased to be interested in telling lies about crime figures and police numbers for several hours and suggested “CCTV” as the answer to everything for ages afterward.

Hopefully cock ups like the one they’ve admitted today but say involving a back up being left on the bus or robbed on a lap top from someone’s car or whatever get less and less likely with every occurrence?

by Chris Paul on November 20, 2007 at 4:27 pm. Reply #

First thought in my mind also Stephen

http://andymayer.blogspot.com/2007/11/id-cards-rip.html

by Andy Mayer on November 20, 2007 at 4:35 pm. Reply #

The big fuss about CCTV has unfortunately proven to be true – no reduction in crime detection or prevention, cases of abuse, and a deteriation of policing.

I don’t object to CCTV for security purposes within private ( or even public buildings), there could even be a reasonable case for it in particularly busy thoroughfares – but there is no case or benefit in having it everywhere.

by Aaron Trevena on November 20, 2007 at 4:36 pm. Reply #

What bugs me more than anything about today’s statement is that it was not a mistake by junior officials, that’s just crazy. The system that was specified (presumably) by senior people (if not, why not?) allowed all this data to be dumped to a couple of unencrypted discs.

Processes and procedures, again presumably agreed by senior people, then allowed those discs to fall in to the hands of the junior people. Who then made a mistake. But at least two huge clangers had been made before they came to put the discs in an envelope.

by Rob F on November 20, 2007 at 4:58 pm. Reply #

In my company people would get fired for (putting on and then) losing just details of a few sensible client details.

It is indeed the processes which are broken here – millions of private details are being dumped on portable formats, not being properly managed and then presumably taken off the premises. It’s wrong on just so many levels.

There can’t be anyone who honestly would trust the Home office to look after anything important. And that’s quite worrying, when you think about it.

by Peter Bancroft on November 20, 2007 at 5:08 pm. Reply #

Trust them with ID cards. I wouldn’t trust them with my hamster 🙂

More seriously what this does show is that “strong legal safeguards against misuse” are only any good if they are followed.

Incidents like this do strengthen the arguments for a law to inform people when their personal data is misplaced.

by Hywel Morgan on November 20, 2007 at 5:46 pm. Reply #

I have to agree with Rob F here: How on earth is it possible to dump the data to CDs and give it to a courier without registering or recording it?

They’ve demonstrated a complete lack of understanding of IT security, of the importance of data protection, and frankly, if this were a private organisation that company could well be liable for prosecution. I’ll have to go have a look at the Data Protection Act in detail.

The only way this could have happened is if their internal data protection policies, data security procedures and safeguards and security policies in general were either a) non-existent or b) on paper only, and not actually built into their IT systems.

People should only have the level of access they need to do their job. ‘Burning our entire database to a CD which you can then walk out the door with or just stick in the post’ doesn’t sound like the sort of thing that should be physically possible without the highest level of authorisation and a rigorous audit trail.

Absolute, absolute criminal level of muppetry.

by Charlotte Gore on November 20, 2007 at 5:48 pm. Reply #

“I’ll have to go have a look at the Data Protection Act in detail.”

Well in theory HMRC’s registration to process data could be revoked which might have some interesting consequences 🙂

by Hywel Morgan on November 20, 2007 at 6:18 pm. Reply #

You really couldn’t make it up could you? If you read this in a novel by Jeffrey Archer, you would piss yourself laughing at his naive assumption that any government could make such a stupid mistake. Well, at least we won’t have any problem persuading people that Labour can’t be trusted – this is Labour’s ‘IT Iraq’.

by Martin Land on November 20, 2007 at 6:51 pm. Reply #

Can’t help thinking that the huge staff cuts at HMRC might be one factor behind all this. There should be an independent inquiry into the HMRC’s Data Protection policies and training, and if the pressure from ministers to cut staff is found to be a factor, the last Chancellor should resign….

by Terry Gilbert on November 20, 2007 at 7:50 pm. Reply #

Terry at (10) you are absolutely right. The General Secretary of PCS said: Mark Serwotka, general secretary of PCS said today:

“The extremely serious loss of confidential data should be set in the context of the enormous pressure being placed on HMRC by government imposed job cuts totalling 25,000 by 2011, the recent merger and massive ongoing restructuring, which will see large scale office closures. With additional security checks expected to be put in place for people claiming and making enquiries about Child Benefit we urge the government to put extra resources into HMRC rather than continuing with cutting jobs.

“The union and its members are co-operating with the department and the authorities in their enquiries into the missing Child Benefit data.”

I work for HMRC and serve on the PCS National Executive. I feel this was an accident waiting to happen given the job cuts and low morale in the Department

by Steve Comer on November 20, 2007 at 9:44 pm. Reply #

A question of honour.
The head of HMRC resigns over the loss of some data by one of his juniors but the head of the Metropolitan Police remains in post after one of his officers kills an innocent man.
Just an observation.

by ianshephard on November 20, 2007 at 9:50 pm. Reply #

Government loses 25m records – would you trust them with ID cards?

I don’t really see the connection to be honest. You may as well say, “would you trust the Government with anything?”

by Laurence Boyce on November 20, 2007 at 10:50 pm. Reply #

And can I just put in a word of caution about centrally held medical records as well.

by Alun Griffiths on November 20, 2007 at 10:55 pm. Reply #

I suspect we all know what the big subject will be at Prime Minister’s Question Time… If the Tory latecomers to opposition to the database state don’t steal all the best lines, I’d like to see Vince challenge Mr Brown to express his complete faith in the security of his expensive, intrusive, bullying ID card plan. When Mr Brown does so, I’d like to see Vince ask him whether, then, Mr Brown will reassure the public by telling them he’s so sure that if there’s ever a security cock-up with ID cards, the national identity register or central medical records he would resign.

Because how could Mr Brown take his own livelihood less seriously than the tens of millions of people he’s recklessly endangered?

by Alex Wilcock on November 21, 2007 at 11:39 am. Reply #

The reality is that the Government has systematically and deliberately handed over not only the IT systems but also IT strategy to a handful of very big companies.

Where many other countries have kept a reasonable amount of IT skill in-house within Govt. departments, uk.gov has not.

Economically, this has resulted in the big companies taking us for a ride to the tune of billions of pounds, whilst smaller UK companies rarely get a chance to go for lucrative government contracts.

From the technical side, government departments genuinely lack the expertise and skills to argue effectively with the suppliers and get what they’re given (or what the consultants tell them to get).

Needless to say, the commercial interests of a big multi-national IT company are not always aligned with the interests of British citizens; especially when companies that mess up are welcomed back the next day to bid for more business (e.g. Fujitsu, EDS).

by Iain Roberts on November 21, 2007 at 12:00 pm. Reply #

Watch out for an increased amount of Press stories from the Govt regarding; increased Terrorist threats, hoardes of illegal foreigners, immigrant benefit cheats etc.
I think the majority of Labour members know ID cards wont work & would curtail liberty, but just cant stop trying to be seen as tough for the right wing press.
The climate of fear is going to increase.

by Greenfield on November 21, 2007 at 1:02 pm. Reply #

I’ve written to my Labour MP asking if she will change her support for ID cards now. The neighbouring Labour MP (Jeremy Corbyn) is already opposed. http://bridgetfox.wordpress.com/2007/11/21/data-disaster-part-2/

by Bridget Fox on November 21, 2007 at 1:19 pm. Reply #

Leave your comment

Required.

Required. Not published.

If you have one.