Wednesday, November 21, 2007

Who trusts the government with their details?

The headlines in virtually all of the national UK papers today were stark.
"Lost in the post - 25 million at risk after data discs go missing" said The Guardian;
"ID fraud alert to every family" said the Daily Telegraph;
"25m victims" said the Daily Mirror;
"Darlings ID Crisis as 25m names lost" said the Sun (actually "Keeley's such a hot date" was also there).
^
Nevertheless, what has happened is that an official at HMCE (Her Majesty's Customs and Excise) posted in the normal post, 2 unencrypted CDs containing the data of all parents claiming child benefits, the childrens' names, the addresses and the bank account details of them all. These CDs have gone missing. The risk is that criminal can use this data to engage in widespread identity theft and bank fraud, ordering credit cards in the names of others. Not to mention the risk to personal privacy.
^
The information had been posted to the National Audit Office which didn't actually request all that data. It simply wanted a sample of child benefit claimants and then only names, National insurance numbers and child benefit numbers - HMCE decided it was too hard to filter out the data so posted the lot. The low level official to blame is now under 24 hour watch in a hotel under a different name to avoid being pursued by criminal gangs eager to get the data.
^
The story is covered in detail on all major paper websites, but what i've read so far has been from The Times in several articles.
^
Now one way of looking at this is - well if you're going to claim child benefit then the government takes this much data in exchange. Lower taxes don't need the government to hold all those details at all. However, what this really demonstrates is the sheer incompetency of the state in managing huge amounts of private and sensitive data. It obviously raises questions as to whether it could ever cope with a National ID card scheme and ensure the confidentiality of any data.
^
For starters, the data sought was not what was supplied. It was "too burdensome" to supply the smaller amount of data, demonstrating the incentives to get this right simply aren't there. HMCE wanted to ensure it did minimum work, so sent far more than it needed to two.
^
Secondly, the mistake in posting this information, in an unencrypted format also demonstrates the lack of incentives to get this right. Imagine a bank doing this? Imagine how much business it would lose from being so incompetent? The difference is the state has a monopoly, you can't say no (although as I said you could say no to child benefits, but it's not as if you'll get tax back from doing so).
^
Finally, there is lack of honesty about this. It didn't happen yesterday, or last week. It happened months ago - the efforts to find the CDs have been fruitless, so now the banks have been advised, and the public too. It is not a Labour or Tory issue, it is an issue about government, and the simple fact that there are never the adequate incentives or accountability for when the government fails to protect its citizens. This is one very good reason why governments should do less, nor more.

No comments: