Friday 22 August 2008

Whoops! (Part XXII and counting)

Thus spake Jacqui Smith, Home Secretary, following the loss of a data stick containing personal details of the 84,000 people currently banged up, details of a further 10,000 "prolific offenders" and another 30-odd thousand records from the police national computer.

Ms Smith's response looks very much like "We didn't do it - someone else broke the rules". This rather ignores the responsibility to keep these data safe and any system which allows anyone; external contractor or member of staff, to grab this volume of the stuff without it being spotted is simply not working.

For those interested in the technical stuff consider this. It's very unlikely that there are many copies of the raw data sitting around outside Whitehall, it's certainly not available in a prison because they wouldn't be seeing the police data even if they had access to data about all the prisoners - and I sincerely doubt that they have that. It's also unlikely that it's on any single system, i.e. the database storing the offender records is linked to but not the same as the "prolific offender" data which are both a subset of the police national records. I'd bet a few quid of my own money that the police records aren't stored in an Excel spreadsheet but in a rather whizzy database system with posh front-ends and password protection and stuff. Whoever downloaded these records from wherever did so because they have access (or someone did it for them) to a system at a level where access to the clever stuff wasn't a problem - Whitehall or somewhere near the centre?

One other thing to note - PA Consulting, the jokers being blamed for this fiasco, are working with the government on the national ID card scheme.....................

2 careful considerations:

David Gerard said...

No reason not to let an integrated ID card, biometric passport, complete NHS medical record and chip in your head go ahead! … maybe. http://notnews.today.com/?p=36

G. B. Miller said...

Sounds a lot like what happened here in Connecticut (US), where an employee had personal info (social security numbers, tax information, etc.) on a laptop that was in his car the night it got broken into.

About 30,000 people were affected by the loss of data and were offered a year's worth of free credit report tracking for protection in case of identity theft.

I think the contractor in question is still working with the state of CT, in the Dept of Revenue Services. Goes to show that you can do a momumental screw up and still keep a government contract.