Wednesday, November 21, 2007

unbelievable

I don’t usually post political rants but this particular case deserves one. I’m not sure what shocks me more:

  • The fact that the government has lost 2 CD-roms containing the names, addresses and date of birth of every child in the country, along with their parents’/guardians’/carers bank account and National Insurance details
  • The fact that it has been missing FOR A MONTH and the public is only told about it now (it happened on 18 October and the Met Police weren’t involved until 14 November – and apparently it was agreed that ‘remedial action’ should be taken before a public statement was made yesterday. Hmm – should that not have been made quite a lot earlier? It’s possible to communicate bad news without panicking people, as long as you explain what’s happened and what they need to do now. Not difficult - and they still haven't done that properly)
  • The fact that the government uses CD-roms rather than downloading the data through a secure link
  • The fact that the government transfers said CD-roms using a postal system that isn’t recordable/tracked properly (give me strength)
  • The fact that senior management at the Revenue have known about this for nearly a fortnight (they were told 2 weeks after the event) and decided to wait to see if they could find the data first (not good enough)

Anyone handling data like this is meant to be trained in Data Protection Act protocol. This is a major breach of the law. They’ve messed up so badly, it’s almost unbelievable.

I think the government needs to explain its security procedures (within limits) to reassure the 7.5 million families and 25 million individuals affected that this will NOT happen again with other forms of record (health is the first one that springs to mind). A simple ‘check your account for unusual activity’ isn’t really enough communication on the issue. The banks are likely to be run off their feet with people panicking and wanting to change their account details (and those with offshore call centres are going to have the extra difficulty of a language barrier and a culture barrier here...).

What about the possibilities of identity fraud? And with incompetence at this level, how on earth could we trust this system (OK, this government) to deal with identity cards and keep people’s details secure?

Interestingly, the company involved is TNT. I have three orders from Amazon which haven’t arrived (one of them was apparently sent to me on 5 November). If the first one isn’t here by Friday, they have agreed to replace it (they have yet to reply to my other two queries)… but guess which company they used as a courier? Yup. TNT. I have no confidence in them (and I’m rapidly losing my confidence in Amazon).

The only one who has behaved with even the slightest honour in the data fiasco is Paul Gray, the head taxman, who resigned over this. A head of a department actually taking responsibility for his juniors’ action – now that’s refreshing. He messed up, he admitted it, and he did the decent thing. He could’ve hidden behind excuses, as many of the fat cats do. So I admire him for being a man of principle. (I’d employ him, actually, because a mistake of this magnitude means he’d run a very tight ship in the future.)

Let's hope that today will see much more effective communication from the government. But this, following the Northern Rock fiasco, could well bring the government down.

21 comments:

Lou Gagliardi said...

WoW...just WoW..that's all I can really say

Nell said...

Sadly, I am unsurprised. As for 'Lorenzo' the new NHS system - it's a complete disaster.

Jan Jones said...

But you know what will happen - they'll employ some 'outside' committee to check the system, it will take months and cost gazillions, and the recommendations will be to move to some other form of data transfer that's already out of date by the time the report comes out.

"Check your bank details," indeed. Words fail me.

Biddy said...

I'm not surprised at all. And the fact that Mr Darling hasn't resigned yet is shocking.

Don't get me started on this government and their inability to take responsibility for their actions. They'll let the civil servants and anyone else take the fall (and I wonder if they can somehow blame the BBC as well for this?)

Bitter? Moi?

Nicolette said...

I agree absolutely, Kate. I only learned of this fiasco this morning and I was appalled that a major government sends details like this through the post! I thought we were in an electronic age. Don't they have auditors that can go in and audit accounts and details in situ?
It's a disgrace. What if a paedophile gets his hands on this information? Children's names, ages, addresses, etc.
I feel sick with rage. This government has endangered my four children through its incompetence.

What else have they done and not told us about?

Ray-Anne said...

Rant away. Totally shocking. No doubt they will find some junior individual who thought they were doing the right thing and put the blame squarely onto his or her shoulders.
I have a horror of 'Big Brother' databases, but it is now so part of life we can get complacent.
I foresee lawyers making a lot of money....
now. back to fiction, where good conquers evil and all is well with the world.

Shirley said...

Very well put, Kate. I daren't even start ranting about the government. The sooner this bunch of incompetents are gone, the better.

Diane said...

I have to admit to being speechless when I discovered this latest debacle. For the first time ever - EVER - I have been reconsidering my political support, and this was, quite frankly, the icing on the cake. I have absolutely no faith and no confidence in the current government.

Kate Hardy said...

Lou - yup.

Nell - why does it not surprise me about Lorenzo? (You should see the school system. In place now - training next year.)

Jan - exactly. Wasting taxpayers' money.

Biddy - absolutely. (I didn't vote for Blair.)

Nicolette - with you all the way.

Ray-Anne - they're already blaming a junior (but at least Gray did the decent thing).

Shirley - yup.

Diane - wonder if someone will put forward a vote of no confidence? Mind you, there isn't a credible opposition and that's been the problem for years. We need a new party. Someone who does actually care about the big issues (health and education particularly - leave the professionals to do their job and don't tie them up with red tape) and realises there is life outside London.

Michelle Styles said...

Okay, I personally think it is gross incompetence and the cds will be found in some office somewhere, unopened.
It is a junior civil servant's fault because the cds were never supposed to be sent outin the first place and somebody packaged them off to the National Audit Office just at the time the NAO was about to move as far as I understand the reporting up here.
As they were never suposed to be sent in the first place, how is it Darling's fault? Everyone thought the failsafe system was in place and nobody thought about human error. I can understnad why the HRMC person fell on his sword but not Darling, not yet any way.
I think it does open up huge questions about the security of documents and the computerisation of documents as really nothing is 100% secure. ID cards and the NHS are two ares that spring to mind.
The major problem is IF it has fallen into the wrong hands as many people use their children's birthdays for their pin number.
And I am afraid some of the panic is overblown.The vast majority of abuse to children happens by people known to, and intimate to the children and the families involved.
ID theft -- yes it is a possibility, but there are many ways that can occur and peole need to be vigilent in any case.

Rachel said...

Dear Kate,
I'm so glad I'm not the only one seething and muttering about the utter incompetence of our so called government this morning. Darling has GOT to go (for starters). I'm growing ever more fearful about my childrens' future in so many ways, as already said the cd roms would be of great interest to paedophiles/identity fraudsters and if they haven't got the stuff already, they'll be certainly looking for them now!

And then Northern Rock-24 BILLION! Half the education budget. I discovered yesterday that my yr 4 child has only done literacy, numeracy and a 'project'(involving an £8 bus ride to the next village) since September. She says school is boring and who can blame her? No history, no art, no music...this is a wicked way to treat a child and it's making me feel so depressed.
Thanks for letting me join in the rant.
Rach.
XXXX

Rachel said...

ps. My Amazon stuff's gone missing too!
Rach.
X

Biddy said...

Having worked in central government (and on their IT systems) I think the outside world has an unrealistic idea of how automated and how much procedure is actually in place. If there were procedures then they should never have been allowed to download all those files in the first place. And if they are they should have been encrypted.

I think the problem is the government's issue. The civil service has been taking a knocking in the last few years. The Government gradually removing senior civil service positions and making them political. The over use of contractors because they don't pay market rate for good IT specialists. Too much reliance on outsourced IT with poor contracts meaning that projects are delayed, over priced and not fit for purpose.

Sorry about ranting in your blog Kate! As you can tell it gets my goat. Whether Mr Darling is actually responsible for this or not, this is a symptom of a wider issue that they need to take responsibility for.

Kate Hardy said...

Michelle - agreed re the abuse side of thing, but my beef is that that the systems and training are not in place and the government is so out of touch that it hasn't CHECKED that the system is in place. There should be some kind of audit of government departments, just as businesses have regular audits and reports. Before doing ANYTHING with records, that junior should have been given basic training in data protection and would therefore have known NOT to send it out at all, let alone untracked.

And also the poor communications. There should be a procedure in place so when sticky stuff hits the fan, people get the right info at the right time. In this case:
* don't panic
* keep an eye on your account and change your password
* a reminder about what a strong password should be (combo of numbers and letters and NOT a birthdate or child/pet's name)

Plus reassurance that any losses are unlikely (but if there are any frauds the money will be repaid).

The government should also be telling people how to check their credit records.

I think their systems need a thorough review by an independent body which won't charge a fortune and drag their feet on making the report.

The question is: where does the buck stop? Who is going to take responsibility and who is going to make sure something like this doesn't happen again?

Kate Hardy said...

Rach - re schools, I have a different take as I'm a governor in a first school. The teachers are doing their best but are hamstrung by an awful lot of paperwork and lack of adequate funding. (How a school is funded - it's been a revelation to me and I think our children are being let down. The NHS has similar problems.) What worries me more is that schools will eventually be run by managers with no experience in education and will come up with financial solutions that would work for business but NOT for a balanced curriculum.

There needs to be some joined-up thinking. And some proper organisation. And listening to people who actually DO the work and know where the problems are.

Lou Gagliardi said...

I want to say that I grieve, and rant and everything else with you.

I know I'm an American, but how could I not understand the problem?

This absurd and the government really needs to get their acts together. I could see if this was a matter of Person A leaving the item on Person B's desk, but B forgot about it or something.

When you have these many problems--whether in the UK or in the US--a new system is called for.

Plain and simple.

P.S. Amazingly my items in the US on Amazon have gone missing as well. And they were book research items!

Kate Hardy said...

Biddy - you're so right - and the same problems are surfacing in the NHS and education.

I feel for the Revenue staff. Their morale was poor to start with after the 'merger' (which was done badly) and this is going to make things so much harder for them. I wish the government would wake up and realise what they're actually doing - removing the infrastructures and replacing them with something less stable, at the same time as putting more and more pressure on staff.

Kate Hardy said...

Lou - yep, it's common sense. Which is in short supply in this government. (I'd better make a cake for our governors' forward planning meeting tonight... because I foresee ranting there, too.)

As for Amazon - I had a lovely apologetic email this morning but they're still saying "wait a few more days, it'll turn up". Hmm. I just want my stuff. On time. Christmas presents which need sending...

Biddy said...

Interesting discussion from BBC's political guy. http://www.bbc.co.uk/blogs/nickrobinson/2007/11/a_yawning_gap.html

Comment 28 caught my eye.

Oooo I feel better from having ranted. Thanks for putting this on your blog.

Melissa Marsh said...

Oh my goodness. Using CD-ROMS to keep such sensitive data? Unbelievable.

Kate Hardy said...

Biddy - thanks for the link. Interesting comments (among the hot air *g*).

Melissa - indeedy.