The BBC is reporting that two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing. The discs contain Child Benefit data which includes name, address, date of birth, National Insurance number and, where relevant, bank details of 25 million people. So that’ll no doubt contain my families details too.
It’s staggering that after all the precautions we take as a family to protect ourselves from identity theft HMRC through what can only be described as massive incompetence have thrown all our efforts in the bin.
In a statement the chancellor apparently blamed mistakes by junior officials at HMRC, who he said had ignored security procedures when they sent information to the National Audit Office (NAO) for auditing.
I’m afraid that just doesn’t cut it. Why is security of such private data ever in such a position that junior staff have access to it, let alone the opportunity to ignore security procedures. Clearly the fault is with whoever devised such pathetic “security procedures”. I can only hope that the person responsible for security is immediately sacked and replaced with someone who understands how to develop “security procedures”.
For that matter why on earth is data being transferred to CDs instead of sent securely over a private internal network? We can only hope that they at least had the sense (or better yet software enforced policy) to encrypt the information before transferring it to CD. Unfortunately this page on the BBC site suggests that they are not.
Instead, HMRC chairman Paul Gray resigned earlier after the latest incident came to light. I’m disgusted at this, it’s the easy way out, he should have the guts to stay and sort out this mess. Should he turn out to be in any way personally responsible he should then have faced disciplinary action and dismissal.
For such a massive breach of the data protection laws, especially by a government body I would like to see criminal prosecutions. Quite how the government ever expects us to trust it with our personal data I just don’t know.
On the bright side however there’s clearly some great business opportunities here:
- Independent security audits of government organisations.
- Design and provision of better means of identification of individuals that can then be used by banks etc to avoid the dependence on information that is easy to obtain.
- Secure point to point networks for government organisations.
- Encryption software.
- Software and hardware to enforce security policies.
- Process consulting to ensure better processes, this mistake should never have happened and it should not have taken so long for senior officials to have been informed.
This blog is about business opportunities and ideas that I spot, think of or hear about and think are useful and interesting. It is intended to provide ideas and inspriation for you to help you find the right business idea for you to then grow it into a successful business.
Makes you wonder what they’ll do with ID card data once they force them on us. Do they get a fine for not complying to the Data Protection Act?
I really think that at this level there should be jail sentences for those involved. Especially as any fine would be paid to the Treasury, i.e. themselves.