UK Liberty

Are you sure, Darling?

Posted in accountability, database state by ukliberty on November 22, 2007

Alistair Darling (Chancellor of the Exchequer, HM Treasury) | Hansard source

In making this statement today, I have had to balance the imperative of informing the House and the public at the earliest opportunity with ensuring that when I did so the appropriate safeguards were in place to protect the public, including in relation to bank accounts. Indeed, the banks were adamant that they wanted as much time as possible to prepare for this announcement.

On the other hand,

Angela Knight, chief executive of the British Bankers’ Association, the industry body, denied this.

“We do not recognise the Chancellor’s statement,” said Ms Knight. “It is not a correct description of the situation. The banks were extremely quick to act.” (the Times)

Update

In other news, it appears previous reviews were ignored.

The Telegraph:

A government review of security in 2003 identified “serious risks” of information going astray and recommended data should be encrypted.

An almost identical breach of security involving CDs happened in September 2005, when the names, addresses, dates of birth and bank details of UBS customers were lost in the post after being posted by HMRC.

At the time, HMRC admitted that it was “not sure it is the best way to receive information” but that it was “urgently reviewing procedures to make sure this type of incident does not happen again”.

Yet similar breaches have happened several times since, including the loss of the records of 15,000 Standard Life customers by HMRC in September.

The Daily Telegraph has also seen a Treasury memo from an e-government working group meeting dated December 9, 2003, in which the department was told that a review of security by the NAO had found “serious risks” of messages being intercepted and a “risk of hacking”.

It recommended that encryption should be used to prevent security breaches, but the warnings were ignored.

Richard Thomas, the information commissioner, said he had repeatedly warned the Government that its data protection procedures were not up to scratch.

He said: “I have been pressing the Government to give my office the power to audit and inspect organisations that process people’s personal information without first having to get their consent.”

In July this year Mr Thomas warned that data protection breaches in Government departments were “frankly horrifying”.

Turning to the latest breach, he said: “It is a shocking case. I am at a loss to find out what happened in this situation.

“This goes beyond legal compliance. Any aggregated system for collecting information must be proof against criminals, it must be proof against idiots, it must be proof against those who don’t follow the ordinary rules of procedure.”

And

The catalogue of security lapses at HMRC is hair-raising. In the past year, there have been 2,111 reported breaches of security, including the theft of 41 laptops.

As long ago as September 2005, an unencrypted CD with sensitive financial information was lost in the post; in May this year, 42,000 tax credit and bank details were posted to the wrong people; earlier this month, a CD with the personal details of 15,000 people went missing.

In the light of such serial incompetence (and these are just the ones we know about), Whitehall appears incapable of securing computerised information.

Don’t you worry though – lessons will be learned this time. Will they?
