Tuesday, 20 November 2007

The Data-loss State

It's the latest scandal to hit our Government: The loss of personal data on 25 million child benefit claimants by HM Revenue & Customs, including National Insurance numbers and in some cases bank details.1

The proximate cause of the "catastrophic failure" was the sending of two compact discs containing the data to another Government department, unrecorded, using a courier service. The buck stopped with the chairman of HM R&C's board, Paul Gray, who has resigned.

The question to ask, though is whether real lessons will be learnt from what has happened here? As highlighted by Vince Cable, acting leader of the Liberal Democrats1, it must surely represent a crisis of confidence in the security of Government-held data.

Will this, possibly the worst incident of data loss so far prompt a rethink of the Government's drive to accumulate and centralise more, and more private personal data, in grand initiatives such as the National Identity Register, NHS Spine2 and Childrens' Database3?

NO2ID4 today called for "an immediate halt to the development of the National Identity Scheme and related ‘identity management’ initiatives until a full and independent audit of all personal information held on government systems has been conducted".

What has happened certainly betrays the hollowness of the repeated assurances they and other concerned groups and individuals have been given regarding data privacy and security. The Government would do well to heed their call.

More: NO2ID press release
More: ARCH (against the Children's Databases) press release

1. http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm
2.
http://www.connectingforhealth.nhs.uk/systemsandservices/spine
3.
http://www.databasemasterclass.blogspot.com/
4.
http://www.no2id.net/news/pressRelease/release.php?name=HMRC_privacy_meltdown

No comments: