The Queen could better manage security of personal information than civil servants are
Her majesty's servants seem to be lacking any sense of responsibility these days. Information in the health care sector, voter information are being either stolen or misplaced on a regular basis. Hundreds of incidents are occurring.
It's one thing for a leak to be politically motivated, but quite another when it's careless. In an article I wrote two weeks ago about an U.S. Ethics Committee staffer file sharing a sensitive file investigating members of Congress and winding up in the hands of the Washington Post ,many talk back readers suggested it was intentional. England on the other hand, seems to have poor training and staff that have little respect or understanding of what they are dealing with.
Last week, the BBC reported that in the U.K., health records are being 'lost' in unprecedented scale:
"Unacceptable amounts of data are being stolen, lost in transit or mislaid by staff. Far too much personal data is still being unnecessarily downloaded from secure servers on to unencrypted laptops, USB sticks, and other portable media."
Companies and public bodies that recklessly or deliberately break the rules face fines of up to half a million pounds from 2010. The Ministry of Justice is considering allowing the ICO to impose fines in the most serious cases.
Fines? How about PRISON instead? Nobody seems to budget for training or make individuals aware of the consequences if data is 'lost'.
Organized crime seeks out data and coordinates such thefts. In a recent FBI investigation, they nabbed a ring that stole over $9 million with individual and commercial banking information compiled over an extensive period of time and found vulnerability in the bank network. The plan was then executed in less than 12 hours. The three masterminds were caught and yes - they ARE going to prison.
But when civil servants have proper control of the information they are dealing with, patient records and other database formats of personnel records and are lax in the way they handle, manage and secure the data there seems to be a complete lack of discipline for their actions. The bottom line is that nobody seems to care. They have inquiries, investigations and commissions of what went wrong, but in recent history, NOBODY has been fined or prosecuted for what appears to be absolute contempt for security of individuals' information.
In England it's almost on the verge of bizarre. The Home Office Minister, MP Hanson wants every ISP to monitor and enable them track where a user has been and what they are downloading - but they can't seem to even dismiss an employee for losing or locking down memory sticks or laptops with complete data records of individuals that is far more damaging in terms of potential financial ruin of an individual. The Right Honorable MP Hanson needs to check his backyard before worrying about what happens in public. The need to be heavy handed seems to be used on trivial things, like spying on a city council member that may or may not live within city limits - 21 times! Perhaps it's time that Scotland Yard bring back Paul Temple and MI6 pull 007 out of retirement and wring somebody's neck and throw them in jail, let alone be fired. This week, in yet another complete lack of security protocol, 4 laptops go 'missing' in a single event. One of the laptops has voter information -- with sufficient data to ruin an individual's identity with the information contained on the laptop.
Files contained names, addresses, dates of birth, signatures, postal vote forms and statements used to confirm the identity of 14,673 voters. Councillor Julian Daly, whose details were on the missing laptop, said the situation was "troubling".
The data was protected by two levels of security, the council said, but admitted there was a "slight risk" it could be accessed.
Hackers have time - it's not a slight risk, it's a DEFINITE risk.
Everyone affected is to receive a letter to inform them of the situation.
Inform? What good is that going to do? Their identities have ALREADY been compromised.
Mr Daly, who is leader of the Conservative group at the Lib Dem controlled council, added: "That's all the information you need to set up a bank account. It's classic identity theft territory. "It is troubling that the data was on a portable machine and it was accessible for someone to walk off with it."
Bureaucrat Understatement of the year:
Daniel Goodwin, the council's chief executive, said: "I would like to apologise to residents and reassure them the council takes its responsibility to look after their personal data very seriously."
Seriously - then Mr. Goodwin should take responsibility for complete lack of training of staff under his management and turn himself in and go to jail. It's going to take that kind of punishment before somebody figures out that people have to follow some pretty basic COMMON SENSE rules and regulations or face the consequences. Either that or go to jail.
It would appear that the common trait among all these incidences in training or even having a security practice in place when such information is being used by employees, contractors and administrators. And clearly there is no sense of responsibility by any of the staff using the information. I sense HRM Corgi's could manage security of the information better than some of the administrators in charge.
[poll id="11"]