Lose data, lose trust
November 21, 2007
Reports of loss or thefts of personal information have now become routine enough to be not-news. It’ll take a really big one to register on people’s attention radar.
Personal details of all families in the UK with a child under 16: 25 million individuals and 7.25 million families. Personal information of nearly half the UK population. Mind boggling.
There is obviously a lot of media coverage, both within the UK and around the world. Words like debacle are being used. Perhaps the time has come when identity systems are based on an assumption that peoples’ personal information is not secure.
Many reports are quite rightly dismissive of Chancellor Alistair Darling’s explanation of a junior official who “had broken the rules by downloading the data to disc and sending it by unrecorded delivery.”
As the Chancellor himself pointed out, the data originally sent in March by HMRC (Her Majesty’s Revenue and Customs) to the National Audit Office was in breach of HMRC’s procedures. The data was returned to HMRC, only to be requested again in October. This time the entire database was sent by internal mail on two discs. They never got there.
The real issue goes to the heart of governance and government: trust. Questions are of course being asked about competence, why the data was sent on discs, why it was unencrypted, staff morale following re-structuring, and the culture of an organisation that allowed the said junior official to think what he did was OK.
But, those are only sideshows. The hard reality is that it is about trust and a loss of trust strikes at the very foundation of government.
At the same time, there are probably many other similar disasters waiting to happen. Hopefully, as the message is obviously not getting through, it will be another wake-up call to everyone who has a duty of care for peoples’ personal information all over the world.
Entry Filed under: UK, data_breach, fraud, government, identity, network, personal_info, privacy, security, trust. .
6 Comments Add your own
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Trackback this post | Subscribe to the comments via RSS Feed
1. Lose data, lose trust 2 « Identity and Privacy Blog | November 22, 2007 at 9:51 pm
[...] 22, 2007 I thought I’d check out the fallout from the massive loss of personal information in UK. It isn’t a pretty [...]
2. Placing data in silos « Identity and Privacy Blog | November 24, 2007 at 12:25 am
[...] hours before UK’s Chancellor Alistair Darling revealed to MPs the loss of 25 million personal records, Government CIO John Suffolk gave a blunt warning about the danger of creating more giant [...]
3. EC report: New trust pact required « Identity and Privacy Blog | November 26, 2007 at 10:14 pm
[...] undermine the basic trust relationship between government and people. As I mentioned in my first post on this topic, “The real issue goes to the heart of governance and government: trust… The hard [...]
4. ID theft from security breaches « Identity and Privacy Blog | December 10, 2007 at 9:52 pm
[...] is an important question because of increased publicity around high profile breaches. The fiasco in UK involving 25 million records is an obvious one but also, according to Privacy Rights Clearinghouse, [...]
5. UK: consultation on Data Sharing Review launched « Identity and Privacy Blog | December 13, 2007 at 11:01 pm
[...] recent fiasco that saw personal information of half the country’s population lost makes it timely. I’m looking forward to the promised publication of the results [...]
6. UK: Raising the breach barrier, again « Identity and Privacy Blog | November 3, 2008 at 11:17 pm
[...] 3, 2008 When HMRC (Her Majesty’s Revenue and Customs) lost personal information of nearly half the UK population, I called it “mind boggling”. I also thought that it would be the last time I’d [...]