Government Databases

  bstb3 13:12 20 Nov 2007

With all the talk about identity fraud, ID Cards, DNA databases and pre-travel questioning, its good to know that those in control of the data can be trusted not to do something stupid with it. Like putting all the sensitive data on a disc and taking it for a walk...

click here

It beggars belief, it really does. Just goes to show that no matter how bad a computer system might be, it still takes human interference to really mess it up. At least it wasnt the home office this time (although no doubt some wag somewhere will find a link).

  GANDALF <|:-)> 13:35 20 Nov 2007

Apparently there are 15 million names on the discs. Why, in this day and age, the database cannot be kept on a central, secure server that can only be accessed by certain computers with the appropriate encryption key, is quite beyond me. If the laptops/computers were lost then there would be no info on them. I'm sure that there must be a logical reason why a central server cannot be used.


  JanetO 13:57 20 Nov 2007

A punishment to fit the crime; Paul Gray should be taxed at the higher rate of 90% for the rest of his life.

  silverous 14:05 20 Nov 2007

This is inexcusable from my brief understanding of it.

The compliance that is expected of financial institutions, utilising readily available technologies like encryption, should surely be expected of the government that presides over such expectations of other areas of the economy.

If this happens in a Bank there is a 6 or 7 figure fine and heads roll. The problem with fining the government or the government fining itself is that either way we pay ?

  anskyber 14:25 20 Nov 2007

At the moment we do not know (we the public) whether the data was encrypted or not.

clearly the transportation of the discs fails the data protection requirements so it looks like a straight forward cock up.

  silverous 14:33 20 Nov 2007

Anskyber, don't you think they would have immediately advised that as part of their statements if it was the case or indeed standard policy? It would perhaps give a lot of comfort, I suspect they couldn't say that because they don't know, perhaps yet, implying it isn't standard policy across the board to encrypt. This is an assumption, let's see what falls out.

Talking about heads rolling, and not wanting to take this off topic, but it is interesting to note that the guy at the top goes because Data Protection rules have been breached, but the head of the Met doesn't see fit to go when someone dies. We should keep this about one and not the other but I thought that was an interesting contrast.

  Jimmy14 15:00 20 Nov 2007

I think it is so stupid that the government put 15 million names on CD's. I also think that criminal proceedings should be brought upon the chairman, Paul Gray who has just resigned as he was responsible for HM Revenue and Customs.

  Monoux 15:01 20 Nov 2007

silverous-- Good point about head of HMRC & Head of the Met -- just goes to show that at least someone in HMRC had some integrity unlike the other organisation. Notice too so far no politician is accepting any responsibility -- again

It also might have been a good idea to let people know that their data had been released into the wild a bit nearer the time it happened instead of keeping quiet about it thus denying them the oportunity to be more on their guard.

  Monoux 15:06 20 Nov 2007

Quote from the BBC article linked to above talking about HMRC "It is run by an executive board, but the chancellor is responsible to Parliament for its operations."

So shouldn't Darling take responsibility for his department ? or if he says it as before his time then surely Brown should.

Whichever way you look at it then one of those two was in charge when this happened and should accept responsibity.

  newman35 15:13 20 Nov 2007

But getting a politician to accept any responsibility for anything is a might like trying to eat soup with a fork.

  bstb3 15:23 20 Nov 2007

The way I look at it, anyone that knew that the transportation of such sensitive information took place in this obviously insecure manner (be it encrypted or not) has responsibility for this and should at the least be severely reprimanded. Given the scale of the issue, heads have to roll.

The question I have is that where does the buck stop? Would the chancellor (Darling, or Brown before him) have known about the policies? Clearly they have an overall responsibility for the HMRC, but they cannot really be expected to know of each and every practice undertaken. Of course if they knew this went on, yet did nothing to intervene then they should be held responsible, but they probably didnt.

I am just as concerned about the fact that the loss was known of 9 to 10 days ago (according to the BBC), yet only now are the public (the victims in all this, so to speak) finding out about it. Had the discs fallen into the wrong hands, who knows what could have been done by now that maybe could have been prevented.

Was the delay due to everything being kept quiet so as not to alert those who might look to benefit from this? Or was it merely to provide more time for those in charge to look to resolve things before facing up to their potential responsiblities and possibly dampen another bad news day with the good news that the discs had been found?

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 5 review

50 best online Adobe XD tutorials

iPad Pro 10.5in (2017) review

Comment connecter un MacBook à une TV ?