Wednesday, November 21, 2007

Who knows what else is out there?

It appears from this report in the Guardian that it was a junior civil servant who made the cock-up and sent the data to the National Audit Office. Apparently

"This individual should not have been involved. It was none of their business. They should have forwarded it on to someone else - another group of civil servants at a more senior level."

"The HMRC office is a huge office with 200 people and there is a nominated team that send items between us and other departments. The individual in question had nothing to do with that team and the it was completely outside their job remit."... ...

And on it goes about how they shouldn't have done this and etc and etc.

This is just not the point. No official should have the capability to do this in HMRC without having gone through a whole range of audited steps. No official, however high in the organisation, should have the ability to do this on a whim at any time. It is a complete breakdown of Security and not just a case of "not following procedures".

It is not just a case of a silly person doing something silly it is about an organisation that is criminally incompetent.

The only saving grace is that we know about this incident.

What about the untraced copies of data that could have taken by, it seems, any member of this organisation and have already been supplied to those who could profit from this data. Who can tell what is out there if it was only procedures that are supposed to stop this type of data extraction.

Civil servant who made the 'colossal error' | Special Reports | Guardian Unlimited Politics

No comments: