Lose data, lose trust
Reports of loss or thefts of personal information have now become routine enough to be not-news. It’ll take a really big one to register on people’s attention radar.
Personal details of all families in the UK with a child under 16: 25 million individuals and 7.25 million families. Personal information of nearly half the UK population. Mind boggling.
There is obviously a lot of media coverage, both within the UK and around the world. Words like debacle are being used. Perhaps the time has come when identity systems are based on an assumption that peoples’ personal information is not secure.
Many reports are quite rightly dismissive of Chancellor Alistair Darling’s explanation of a junior official who “had broken the rules by downloading the data to disc and sending it by unrecorded delivery.”
As the Chancellor himself pointed out, the data originally sent in March by HMRC (Her Majesty’s Revenue and Customs) to the National Audit Office was in breach of HMRC’s procedures. The data was returned to HMRC, only to be requested again in October. This time the entire database was sent by internal mail on two discs. They never got there.
The real issue goes to the heart of governance and government: trust. Questions are of course being asked about competence, why the data was sent on discs, why it was unencrypted, staff morale following re-structuring, and the culture of an organisation that allowed the said junior official to think what he did was OK.
But, those are only sideshows. The hard reality is that it is about trust and a loss of trust strikes at the very foundation of government.
At the same time, there are probably many other similar disasters waiting to happen. Hopefully, as the message is obviously not getting through, it will be another wake-up call to everyone who has a duty of care for peoples’ personal information all over the world.