Thursday, November 22, 2007

Government dinosaurs of IT

Just to prove we haven't all contracted football-blindness, we (the country) have had some more information regarding the misplacing of data by the HMRC.

First off, the data was being sent to the National Audit Office; doing so physically rather than electronically suggests a) the systems are set up so that they won't talk to each other, or b) nobody knew how to do that. So either we have government departments who can't talk to each other or don't know how to; though I'm more along the lines of thinking both.

The NAO didn't want all the information that was sent, but it would have been "difficult" to extract only that information from the full database and therefore "expensive". So instead they gave them the lot. So we have a) a possible breach of the Data Protection Act and b) a database that can't export selective data or c) staff that don't know how to extract selective data. Again, show of hands for a combination of all three.

Next we appear to have a junior minister (member, official; oh now I'm confused) with full access and full export capabilities. Now it may well have been that said minister (member, official, work experience guy) merely instructed someone else to do it. Though that would just leave someone with full access control not questioning the need to export the full database, so in no way an IT professional; that just pushes the question down a level. No-one needs full access to the database except under exceptional conditions.

We're now told that the decision to use the unregistered, unmonitored post was made by a senior minister (member, official, visiting space alien). Do senior ministers (members, officials, immigrant cleaners) normally deal with these matters? Was it an off-the-cuff answer to "I've got the NAO data, shall I stick it in the post?"

We still don't know what the data was exported to. As I have already mentioned, accounts data is normally internally encrypted except when you export it to another program; then you have to rely on that program's security. As septicisle states in a comment, we also don't know at what level it was protected.

All-in-all not good. We're supposed to be an information-savvy country leaving behind our industrial roots and heading into digital pastures and yet it appears we have a government that runs the same level of security as the average home user and doesn't even realise it - until something goes wrong.
