Over and over and over and over….

It happens over and over again. Today the BBC reported that Her Majesty’s (HM) Revenue and Customs has lost the bank details of 15 million(!) child support recipients, apparently that’s all of them. The story is probably going to develop over the coming days. Our government seems to be good at using technology badly. My question, how are the public supposed to have any confidence in government IT systems, some of which have web interfaces, when these situations seem to be becoming so commonplace? Listed are some of the other security bungles that have caught my attention recently:

  • New intelligence chief reveals all on website“, 16 November 2007
    The most senior British intelligence official, appointed yesterday to oversee MI5, MI6 and GCHQ, has a website revealing his home address, phone numbers and private photographs of himself, family and friends.
  • Foreign Office web security failed Data Protection Act, says info office, 13 November 2007
    The Foreign Office has promised to keep data safer in future, after its website exposed the details of those seeking visas for entry into the UK. An investigation by the Information Commissioner’s Office (ICO) found a breach of the Data Protection Act.
  • Lost CD may put pension holders in peril, 5 November 2007
    Thousands of customers of UK insurer Standard Life have been left at risk of fraud after their personal details were lost by HM Revenue & Customs (HMRC).
  • DWP loses £2.5bn to fraud and errors, 26 July 2007
    Department of Work and Pensions. About £2.5bn was lost to fraud and error in benefit payments over the last year …The report identifies limited IT integration as one reason for the high level of error.
  • DoH’s latest d’oh!, 26 April 2007
    Department of Health (DoH) has apologised for its latest IT blunder – publishing private details of applicants for junior doctor posts on an unsecured website.

Now… anyone for an ID card?

Update 26 November 2007: The total turned out to be “records for 25 million individuals and 7.25 million families”.

Update 20 December 2007: DH found guilty on MTAS data protection breach – “The Information Commissioner requires the DH to sign a formal undertaking to comply with the principles of the Data Protection Act.” Weren’t they already required to do so by law? Will yet another document make any difference?

Posted on Tuesday 20 November 2007.

Posted in politics, security | Add a comment »

Leave a Reply