Sunday, September 07, 2008

Sieve Government

Doh! There goes another one!

This time it's a computer hard drive containing personal details on 5,000 prison staff. And once again, it's been lost by a government subcontractor, EDS, who may or may not have been employing untrained agency temps, who may or may not have been up to the job.

Astonishingly, the data was lost more than a year ago, but was not reported to top management (er... Jack Straw) until yesterday. Which underlines once again just how little grip top management actually has.

So, to recap the confidential data losses reported in just the last 10 months:

  • Nov 2007: 25m people's child benefit details, held on two discs
  • Dec 2007: 7,685 Northern Ireland drivers' details
  • Dec 2007: 3m learner drivers' details lost in US
  • Jan 2008: 600,000 people's details lost on Navy officer's stolen laptop
  • June 2008: Six laptops holding 20,000 patients' details stolen from hospital
  • July 2008: MoD reveals 658 laptops stolen in four years
  • August 2008: 84,000 prisoner details lost by Home Office contractor
  • September 2008: 5,000 prison staff details

Catastrophically pants.

Ah yes, you might say, but things are just as bad in the private sector (eg the recent £35 sale of NatWest customer records on eBay): why are you picking on well-meaning public servants who are only doing their best?


For one thing, with private sector suppliers we almost always have a choice (indeed, Tyler's current account is with NatWest, which is why he's currently drawing up an RFP).

More fundamentally, when government bogs up it's going to be on A Big Scale. Government is BIG by nature, and likes nothing more than BIG centralised IT systems. And as critics of the ID cards scheme and the NHS Supercomputer have long pointed out, big systems are a data security nightmare waiting to happen - one successful hack, one hard drive lost on the 18.32 to Godalming, one sloppy temp accidentally mailing a data CD to the Cosa Nostra... suddenly we're all stuffed, suddenly we all need to change our identities.

Our data is never going to be safe with government. In the days of dispersed paper records the scale of the risk was containable. In the days of big IT, it isn't.

Yet one more reason why government needs to be broken up.

PS BOM's man on the inside tells us that the National Identity Scheme's whizzo card project is facing the imminent chop. He says:

"Rumour has it that the ID card is to be cancelled (except for the eResident card for resident aliens, and the airside workers card and anything else that the eBorders people dream up). Another rumour is that the reason that everyone is so buttoned up about the project is that the Competitive Dialogue process to spend all that money is on about the 6th lap of 10 or more: the 5 bidders (are there really 5 still in?) are in constant dialogue with the NIS people to be sure that both sides know exactly what is to be bid for, and the first round of bidding takes place at the end of this month. Then a short list of 2 will be produced and those 2 will expect one or more contracts to be let - which means that there is a wonderful window in Oct to simply say 'we are not actually going to spend the money just now (there isn't any and the credit cards are max'd), so hang in there, please'."

Let's hope he's right, but how much have we already spent?
