I think possibly the best words I have to describe how i feel about the following is shocked and appalled. But maybe if I pull out a thesaurus I’ll get some other good words.
The personal details of 25million people in the UK have gone missing.. its pretty mind numbing in its enormaty. I just checked google, and the UK has a population of around 60mil, soo.. thats almost HALF the entire population. Also having just finished a piece of coursework about the Data Protection Act (DPA) I have a much finer appreciation for how all this stuff SHOULD work, and so like I said I’m pretty appalled. The DPA is there for a reason and government agencies need to follow the law as much as private companies.
And I shall split the post here as its a bit long….
To quote some of the KEY points of the DPA
These require personal information to be:
- fairly and lawfully processed;
- processed for limited purposes;
- adequate, relevant and not excessive;
- not kept longer than necessary;
- processed in accordance with your rights;
- kept secure;
- not transferred abroad without adequate protection. (http://www.direct.gov.uk/en/RightsAndResponsibilities/DG_10028507)
And there I highlight the key point that HM Revenue & Customs (HMRC) have breached. To even consider that posting such sensitive information is even partly a good idea is increadulas. To post it via a normal post system is just… well words fail me there.
Now its mentioned that a ‘Junior’ Officials are to blame because they ignored protocol. Hmmm… a part of me wonderes if these people were even made aware of WHAT the protocal was, and whether they even KNEW of the existence of a DPA? It should be the companies responsibility to make sure its staff know how to deal with such information, now if HMRC have failed to do this then you cannot just blame said officials, as there is clearly something much more worrying that is wrong with the entire system. On the other hand its possible someone just was THAT stupid.. its something that we’ll never know I suspect.
Whats more worrying is that according to this http://news.bbc.co.uk/1/hi/uk_politics/7104368.stm something similar happened back in March! If that had happened in a private company then I well believe the Information Commission or something could well have been on them to get their act together and make sure it DIDN’T happen again. (Or at least I hope that would have been the case I will admit I’m speaking from what I learnt from my coursework and NOT real life.) And yet look what HMRC has done.
I mean seriously sending information by mail? What kind of lunatics are you? WHY are you even sending such things by mail these days? Sort out your database, sort out your networking, sort out IT people to maintain security and use some type of secure data transfer.
Also as someone pointed out in a comment I was reading on the BBC, these CD’s are apparently password protected, well thats great.. are they ENCRYPTED? Hmmm? One would hope that they ARE both password protected and encrypted but… at this moment in time it wouldn’t surprise me if they weren’t!
And while I’ll admit that I know nothing on Auditing, does the National Audit Office really need all that specific information on people? If they didn’t then this is YET another breach of the DPA. (adequate, relevant and not excessive;)
It’s just all so mind boggling!
If a big private company ever did anything like this, they would be almost destroyed, customers would lose all faith in them, they’d have the Government on their backs, and yet.. and yet who knows what’s going to happen now! Clearly HMRC needs a good talking to on getting their goddamn DPA procedures sorted! If private companies can get that sorted then why can’t HMRC??
Ack I know I had more points to make but the only one I can remember right now is that the Government stil wants to push the ID Card Scheme…? Er yeah! Because we can totally trust you with such information! (And I know the HMRC isn’t quite Government related, but it is a public service and this is beyond the ridicules now!)
Ohh this is depressing http://news.bbc.co.uk/1/hi/uk/7104395.stm and just reminds me of when I was claiming NI benfit back in April, and they just lost all my details and I had to fill the he forms all over again. *Sigh* lovely.