As The Register' John Oates reports, Richard Thomas was giving evidence to the Justice Committee in the Commons yesterday. He specifically calls attention to this comment from the ICO's head honcho: "... several [Government] departments have come to see us on a confessional basis, ..."
Chilling stuff and - as if we didn't already know - indicative of wholesale systemic failure of data security arrangements and protocols not just at HMRC but across the whole panoply of Government. And which departments (I reckon the DWP is a likely candidate) have been donning their hair-shirts and pleading mea culpa? Perhaps more importantly, shouldn't these departments be making these confessions to us directly - more than likely it's our data at risk - rather than skulking off to the ICO with their tails between their legs perhaps in the hope that their laxity and incompetence will get conveniently swept under a carpet?
A further article from The Register (John Oates again) reports that Richard Thomas also insisted that his "his budget was insufficient and his powers too weak". In fact I was appalled to read that, whereas the ICO gets a total of £10m annually (essentially from registration fees), the Health & Safety Executive gets £890m - bet that makes Dizzy Thinks utterly apoplectic, given his loathing of the HSE - and the Food Standards Agency £143m. I reckon this arrangement says a huge amount about where Government places data security as a priority within the scheme of things. Additionally Richard Thomas sums up government IT policy pretty well if clouded a bit with the art of understatement: "There is excessive faith in technology perhaps without addressing the risks that go with collecting that information." And just for good measure he was decidedly lukewarm about ID cards as well. All in all, it looks as if he's gearing up a little to exert the indpendence of his office somewhat more forcefully than he perhaps has done so in the last five years.
In that vein and on a (slightly) happier note, he also recommends some eminently sensible things that the Government could be getting on with in the wake of 'datagate', specifically the creation of a new criminal offence and a statutory right of inspection of any given organisation's data security practices. Quite rightly he defines the current position in law, where he can only act with the consent or at the invitation of the relevant organisation, as "bizarre". So, will the Government bring forward appropriate legislation as a matter of urgency? Well, I'm not holding my breath! Or will the Opposition Parties get their collective acts together and try and run something as a Private Members' Bill? At the very least that would put pressure on the Government. Well, as usual we'll just have to wait and see.
No comments:
Post a Comment