I don’t usually post political rants but this particular case deserves one. I’m not sure what shocks me more:
- The fact that the government has lost 2 CD-roms containing the names, addresses and date of birth of every child in the country, along with their parents’/guardians’/carers bank account and National Insurance details
- The fact that it has been missing FOR A MONTH and the public is only told about it now (it happened on 18 October and the Met Police weren’t involved until 14 November – and apparently it was agreed that ‘remedial action’ should be taken before a public statement was made yesterday. Hmm – should that not have been made quite a lot earlier? It’s possible to communicate bad news without panicking people, as long as you explain what’s happened and what they need to do now. Not difficult - and they still haven't done that properly)
- The fact that the government uses CD-roms rather than downloading the data through a secure link
- The fact that the government transfers said CD-roms using a postal system that isn’t recordable/tracked properly (give me strength)
- The fact that senior management at the Revenue have known about this for nearly a fortnight (they were told 2 weeks after the event) and decided to wait to see if they could find the data first (not good enough)
Anyone handling data like this is meant to be trained in Data Protection Act protocol. This is a major breach of the law. They’ve messed up so badly, it’s almost unbelievable.
I think the government needs to explain its security procedures (within limits) to reassure the 7.5 million families and 25 million individuals affected that this will NOT happen again with other forms of record (health is the first one that springs to mind). A simple ‘check your account for unusual activity’ isn’t really enough communication on the issue. The banks are likely to be run off their feet with people panicking and wanting to change their account details (and those with offshore call centres are going to have the extra difficulty of a language barrier and a culture barrier here...).
What about the possibilities of identity fraud? And with incompetence at this level, how on earth could we trust this system (OK, this government) to deal with identity cards and keep people’s details secure?
Interestingly, the company involved is TNT. I have three orders from Amazon which haven’t arrived (one of them was apparently sent to me on 5 November). If the first one isn’t here by Friday, they have agreed to replace it (they have yet to reply to my other two queries)… but guess which company they used as a courier? Yup. TNT. I have no confidence in them (and I’m rapidly losing my confidence in Amazon).
The only one who has behaved with even the slightest honour in the data fiasco is Paul Gray, the head taxman, who resigned over this. A head of a department actually taking responsibility for his juniors’ action – now that’s refreshing. He messed up, he admitted it, and he did the decent thing. He could’ve hidden behind excuses, as many of the fat cats do. So I admire him for being a man of principle. (I’d employ him, actually, because a mistake of this magnitude means he’d run a very tight ship in the future.)
Let's hope that today will see much more effective communication from the government. But this, following the Northern Rock fiasco, could well bring the government down.