The Department for Work and Pensions (DWP) has admitted that some of its staff have been forwarding passwords with password protected material.
An email that was leaked on the 'Dizzy Thinks' blog on Thursday from DWP said:
"I have been advised of instances where password protected data has been sent out with the password being sent separately as detailed in Security Notice 02/07. However, once the data and the separate password are received, staff are then forwarding the data and password on together, this defeats the purpose of the security measure entirely.
Could I ask you to remind staff of the heightened security surrounding data transfer and ensure that data and passwords are sent separately."
DWP kind of admitted that security procedures had been breached in an email statement they sent to me:
"We take the security of individuals’ data extremely seriously. We have carried out a major review of procedures around the transfer of data to ensure the security of customer information. We expect all managers to monitor the application of our security controls and ensure that the correct action is taken in all cases."
When I rang up to get some clarification, a DWP spokesperson downplayed the blog post, telling me that the leaked memo was a standard email to remind staff of security procedures, and that it wasn't in response to a large security incident.
When I asked whether there had actually been an incident, I was told there may have been a couple of isolated incidents at local level.
I pointed out that even one incident is enough to disclose large amounts of personal information, and the spokesperson said that DWP was making sure that the security of individual data was being taken seriously.
Honestly, even if the government has the best will in the world, it simply is unfeasible to expect buy-in not only across Whitehall, but at local level too, for all of the security procedures that would be needed to keep citizen data safe. As there is more government data sharing, there will be more data breaches and leaks, it's as simple as that.