Tuesday 20 November 2007

GOVERNMENT SECURITY FAILURE

Not surprisingly the blogosphere is awash with the fall-out from HMRC having 'lost' 25m - yes, 25 MILLION!!! - data records. I don't have a great deal to add to what others have already said on the subject - notably, in no particular order, Dizzy, Iain Dale, Man In a Shed, Ian Brown at Blogzilla, SpyBlog, et al. But, for me, Ross Anderson at Light Blue Touchpaper is absolutely spot-on in his reaction. As he says:
"It’s surely clear by now that the whole public-sector computer-security establishment is no longer fit for purpose."
I should coco!!!!

For my part, I make these observations:
  • The Great Bottler's dandy wheeze, when still Chancellor under Bliar, to expand his empire by combining tax and benefit functions under one roof at HMRC has come back to haunt him - he certainly looked pretty nervy as Darling delivered his Statement. A case perhaps of the biter bit?
  • The fall-out from this will resonate for many weeks and months (and, as Dizzy suggests, Darling falling on his sword over it is a wholly viable prospect; it may even leach towards The Great Bottler himself). It is impossible to exaggerate how serious and damaging this could potentially be to the stability of the economy not only at the level of individual families but also much more widely;
  • For anyone who has shrugged their shoulders and assumed that they are content that Government should be the primary manager and/or administrator of their personal data, this is proof positive (not for the first time) that they have been deluding themselves (as suggested above by Ross). And, while on the subject of shrugging shoulders, the litany of security lapses and failures perpetrated by Government and its departments is now so long that we should be demanding that effective action be taken to remedy the situation, not sitting back and letting them repeat the same old mistakes time and time again;
  • there is an urgent requirement to review and re-balance the legal position vis-a-vis the ownership of personal data. Currently the individual citizen has no rights of ownership whatsoever and inevitably therefore control over how the data is administered, processed, manipulated, &c is severely constrained and limited. At the very least the law should grant us some enforceable rights in this increasingly important area;
  • at this stage, the Information Commissioner is quite right to reserve judgment. But, as a general principle, these sorts of security lapses need to be proceeded against with the full force of the law. Too often, they are dealt with internally by resort to what are, compared to what would happen in the private sector, relatively soft disciplinary measures. Rather, because of the position of trust in which Government and its staff find themselves, they should be prosecuted to the max.

No doubt this story'll run a bit in the coming days so I may well return to it. But for now, my mind is just boggling at how incompetent this whole sorry affair is - I've got to lie down with a wet towel over me head to try to recover!!!
