Friday, May 22, 2009

A Scandal within a Scandal

The attached article in the Daily Telegraph tells the story of John Wick the intermediary who sold the MP's expenses story to the Telegraph.

The interesting part of the story is how the data was presented to him.

Rather than being a simple CD or such like, it looks like what has been given to the Daily Telegraph, is the complete system or database used by the Fee's office. If this is true then it is truly scandalous that a Government department should have such lax security that it allows data such as this to be available unencrypted in any form far less as comprehensive as this. As Mr Wick says
It was obvious there was also a major failure in the way the parliamentary authorities had handled such sensitive data. Government ministers had overseen a series of data losses involving the electronic records of ordinary people in recent times and here was the proof that they could not even properly protect their own information.
What does this say when the complete personnel details of over 600 of the top members of our government are available to the highest bidder. The details include enough information to take each of them for probably more than they have received in expenses.

Mr Wick then adds
Has the Govenment and Civil Service learned nothing in the past 18 months since the loss of the Child Benefits data. Have they not taken up any of the recommendations from the investigation into that loss.
I blogged on that quite a few times including a blog entry on 25th June 2008 which pointed out the words of our Shadow Chancellor that the loss of data was symptomatic of
the incompetence and systemic failure at the heart of this government. They were a guide to how not to govern this country
How can a government manage to continue to lose this sort of confidential data so many months after it has been castigated and had to apologise to 25 million people.At the time some of the factors causing the data loss were identified as follows:
  • Some DSSM and IDG policies lacked sufficient detail and strength to guide staff
  • Inadequacy of removable media and encryption policies
  • Better implementation and enforcement of policy is required.
  • Policy could be made more accessible and better communicated.
  • Appropriate authorisation.
  • Method of data transfer.
  • Prioritisation of operational delivery over information security.
  • Lack of policy awareness.
  • Lack of training.
  • Accountability for the ownership and guardianship of data.
  • Lack of clarity surrounding authority requirements.
  • Relations with the NAO.
Obviously no heed has been taken of any of the above in the Fees Office. At the time the report written by Poynter said
As regrettable as the Child Benefit data loss incident was, one positive may yet flow from it. It may provide the burning platform for these transformations, recognising it as an imperative rather than a luxury.
Obviously from what has happened here not a thing has changed. It doesn't matter that this data may have been obtained in the public interest, it is a scandal that it is available to anyone in this form and with apparently such ease. Remember these are the same type of people who are responsible or will be responsible for all sorts of highly confidential data on our whole population. I wouldn't trust them with one bit.

A video of John Wick telling his story is below

John Wick: I am proud to have exposed expenses scandal - Telegraph

No comments: