It doesn't take much thought to imagine what the consequences of this could be. In financial terms mass fraud could be enacted and people's details stolen and in social terms there is a concern that paedophile rings could now have access to the details of 25 million families with children. So the effects are massive, wide-ranging and potentially disastrous. The police have been called in and questions are being asked in Parliament, the opposition even suggesting that Chancellor Alistair Darling should be called to account.
Well I think that's ridiculous. It's not like the Met Police shooting where the whole methodology could be questioned from the top down. It is stupid to suggest that Mr.Darling could possibly have a direct responsibility for how a junior officer in the Newcastle office of Revenue and Customs chose to post a CD but it does call into question how blase we have become about computers, how much we store on them and how casual we have become about the awesome amount of data which is now held on one tiny file.
It seems that like most huge organisations there were a whole set of conflicting e mails went out from management about costs. The whole Revenue and Customs organisation has just been massively cut on staff and e mails had gone out about 'doing things cost effectively' and other mails asking that data be sent out ' as securely as is reasonably possible'. There seems to have been a huge opportunity for personal judgment about what that meant and one junior officer sent a CD out by courier, without any recorded delivery being paid for. I bet he has done this 100 times before and there has never been a problem. No one it seems laid down any hard and fast rule that said 'If you are sending private details of thousands of people you must always send recorded delivery, you must always..etc etc'
So, in a blame culture, who is to blame? The Government? The senior official who has resigned over this, the junior officer who made what is now considered a mistake..although its probably worked fine many times previously. The postal service who lost it? Who? Its not clear.
Some things are clear though. Too many organisations hold too many details about us which are not sufficiently audited by an outside body to see if they are necessary. Once we have computers we are acquisitive. We are also sloppy. Years ago when we had hand written letters, copies were kept in filing cabinets and locked away. Now you see CD's in IT departments, some containing thousands or millions even of people's details, lying in in or out trays.
The British Information Commissioner, Richard Thomas, has welcomed a move by the Govermment which was introduced this week 'after the horse had bolted' which allows his department now to visit organisations, unheralded, and check that they are in compliance with Data Security regulations. Before the Government made this hasty change the Information Commission had to book an appointment to check compliance. What use is that?
I think this current scandal is the tip of the IT iceberg and we need a total shake up in our complacency about handling the personal details of others. Too many organisations, the Police, the Vehicle Licensing Authority, Health Service, credit card companies, social services etc etc have way way too much information on everyone..and what this Revenue and Customs glitch shows is that much of it is processed in a very cavalier fashion. Major changes are necessary ..and soon...but government seems more concerned with recording even more information about us rather than worrying too much how that information is protected. I hope this is a wake-up call.
No comments:
Post a Comment