TheAtheist

To be honest, i'm appalled. We, the normal public, are constantly reminded of the danger of identity fraud, and i'm guessing most peoples data in their own home is more securely held than the methods used by the person who "encrypted" this disc - they used a single password system. You'd think a large government like the british, would be able to look after its own peoples data, especially when that data relates to their bank statements and bank details.

more details :
http://news.bbc.co.uk/1/hi/business/7103940.stm

EnglishPaul

I think this is story is just a storm in a teacup. The disk is unlikely to be stolen, it's just another lost parcel by TNT. What is more significant is that the person able to download all the data to disk probably earns about £20k, and such data on the black market would fetch...
The civil service does need to tighten up its security and procedures. But the risk of this particular incident is low. It's just a question of how many other unreported incidents have occurred.
In a funny way this incident actually argues for biometric data as proof of identity. It is far harder to defeat.

Glaswegian

The bigger risk here is identity fraud, not money being taken from bank accounts - an issue that the Government has so far ignored. And they say ID cards will help security?!?!?!

Kalim

I dislike the way they try to play down their errors and dupe the masses. It is a lie that the money or identity cannot be stolen, anyone having access to an accountancy and the internet can defraud thousands from one account and personal information can easily matter millions around the world. They should run an investigation to how and who was at fault because this is kindergarten.

TheAtheist

The labour party has tried to lay blame automatically at the door of the junior member who actually sent the two cds, when really the blame should lie with the guy in charge, who has resigned as it happens. If the correct procedures had been followed with data security then this should never had happened.

EnglishPaul

It always surprises me when the MD resigns over an operational error made by a junior.
If some spotty kid spits in my fries, I hardly expect Ronald McDonald to take off his colourful clothes and resign.

TheAtheist

But to be honest paul, i dont think this was an operational error by a junior, that junior should never have been able to make such a mistake, and if the systems arent in place to stop him doing this, then doesnt that show that something is clearly wrong within the business?

EnglishPaul

It does show that the department had a low regard for data protection. If it was a concern then they would have got people to test their procedures for loopholes.
I doubt that HMRC are unique in their lack of concern for data protection.

None the less, I still stand by my generalization that by the figurehead offering a 'token' resignation, nothing is actually solved. A real leader would stay and clear up the mess. The only time for a resignation is if they did a completely useless job.

TheAtheist

It gets worse - now they have confirmed they have lost a further 6 discs of data

http://news.bbc.co.uk/1/hi/uk_politics/7111056.stm

Kalim

Not necessarily Paul (to the first para of your last response). :)
Where you have thousands working in conjunction to complete a process it only takes one slacker to make an error which results in something like this. You can take the Post Office as a good example. I've worked in a more secure position than that in the UK to know this first hand and you are often left in a helpless position. Where they really fall back is how they investigate, insure against reoccurrence of and deal with such matters. They have major problems here, leniency, apathy to a certain degree and euphemistic disregard being a few. We're all human and not everyone understands what another does, but some of these people shoved into work segments like cattle on a farm really have no clue about morals, ethics, values, principles and decent procedures outside of their daily work.
We need something to insure good initial parenting which is what will fight most problems we have rather than make punishments for it after it's already happened and a way of life for someone. Redesigning and reversing a humans mind, experiences, teachings and base values is very difficult past youth-hood (without torture). Punishments are only valid and effective if the person committing a crime was taught better with reasoning beforehand.

From what I'm hearing it seems the security is compromised from a body or group of bodies within. The major bodies trafficking such possessions won't be the ones making use of them, they just sell them. The main bodies will be "networks", "barons" and "gangs".

TheAtheist

There was, as you put it kalim, the suggestion initally that there was an inside job on this one, but that appears not to be the case. I just dont understand how a superpower government can manage to lose all this data, when really the security measures needed to work against it aint exactly expensive, when you consider how expensive this could turn out to be, if fraud is ever commited with this set of data

And woot, my 1000th post

Kalim

It's quite easy. We're humans, all of us. The person you place in charge of anything no matter how secure it be is human too, just like you, even if it's a computer [s]he operates. They can do good or bad, it's a choice and where you follow "each for his own" you'll find thousands of instances where they will get far more for jeopardizing anyones health or security than if they stuck to a company policy. Unfortunately people will and do follow this on many occasions. Security within that branch is too tight for it not to be an inside job to some extent, by that I mean, facilitated or made possible by someone within. Without that, it's quite impossible for so many failures to occur concurrently, it's a long planned happening. One disc would be believable but by what I'm aware of the running, what the reports are saying is quite impossible unless it be compromised within.
However, even it it turns out to be this way, you won't find the government forthcoming to let you know. It gives them too bad a name destroying their trust and throws havoc in the general public to do so. Not just GB, but in any world government.