21 November 2007

The Missing Package Red Herring


Alistair Darling is talking about the steps the government is taking to find the missing package. We should be less concerned about this actual known breach than the fact that junior civil servants can access and transmit HMR&C personal data.

Whilst known missing/lost data is important, a far greater risk of fraud relates to deliberate theft of data by HMR&C employees. It's apparent that access to this personal information is insufficiently restricted. The internal security measures to protect this data should resemble Fort Knox.

- Low level staff should not be able to gain access to more than individual records.
- It shouldn't be possible to put this data on to a CD.
- Auditors should visit the site to do their work.

Finding these two CDs isn't the end of the matter. It's a smelly red herring.

6 comments:

Jon said...

And so what if they find the discs? Haven't these simpletons ever heard of -- let us say -- MS-DOS, or Windows, or, heaven forfend, Linux or OS X, any of which can be used to make copies ad libitum of data CDs?

Once the physical CDs have left the control of anyone responsible there is little point even in looking for them.

It's enough to make an ape despair.

Anonymous said...

Where is the honour in today's politicians, if such a scandal had occurred thirty years ago, a high level political resignation would have ensued. No question!

Anonymous said...

How would you view the loss of this data by a Labour council?

Stephen Newton said...

For once, you are spot on.

James Higham said...

PT - are you blogging or are you not blogging, sir? Need to get a handle on this.

Whichendbites said...

The HMRC is the unwelcome child of an arranged marriage and like other Government offspring they spend far too much on promoting what seems to be a flawed product instead of better using these costs investing in a better product, all in the name of 'efficiency' which is saving money in real terms.