Right now the focus is on the HMRC and various politicians. But there are two parties in this monumental fiasco. What about the Audit commission's role here.
I mean we are not just talking about any old department. We are talking about the AUDIT commission. Think about it. How come did this department ever accept the principle of potentially accepting data on a CD posted insecurely.
Wednesday, 21 November 2007
Tuesday, 20 November 2007
CD loss timeline
The Beeb has published a useful timeline page on CD loss by people who really should know better. And that is for me what is really scary about this. You would expect a government department to bear the hallmarks about what is best in data privacy - after all they wrote the book, aka the Data Protection Act.
Child Benefit Alert
The UK government has lost a CD with private details of half of the population, including bank and national insurance information. They are being very reassuring, "there is no evidence of any fraud." In my opinion this is a disingenuous comment.
I say that because they are saying that from a top-down perspective. They have asked police to investigate who so far have not found out anything. Well that does not in my opinion count for anything. What counts is banks saying they have taken steps to ensure that fraud cannot happen. What counts is a complete absence of people saying they have no evidence of fraud. What counts is the CD being found, and a full audit of where the CD was at all times.
The Times has said that 99% of people do not suffer fraud from such an exposure. Just1% fraud on half of the UK population is a terrifying statistic. Even 0.1% would be staggering.
Remember that we (the public) have only just found out about this today. The CD was lost ten full days ago. Now assume that the CD was in fact stolen. That means that a criminal mind could have been abusing that data for ten full days. That means that data could be put to one side and used in the future when all the rumpus has gone quiet.
If you suspect fraud has happened on one of your accounts, now, in the last 10 days or in the future how can you prove that it was related to this problem? How can the banks and the government prove it was not related to this problem?
I say that because they are saying that from a top-down perspective. They have asked police to investigate who so far have not found out anything. Well that does not in my opinion count for anything. What counts is banks saying they have taken steps to ensure that fraud cannot happen. What counts is a complete absence of people saying they have no evidence of fraud. What counts is the CD being found, and a full audit of where the CD was at all times.
The Times has said that 99% of people do not suffer fraud from such an exposure. Just1% fraud on half of the UK population is a terrifying statistic. Even 0.1% would be staggering.
Remember that we (the public) have only just found out about this today. The CD was lost ten full days ago. Now assume that the CD was in fact stolen. That means that a criminal mind could have been abusing that data for ten full days. That means that data could be put to one side and used in the future when all the rumpus has gone quiet.
If you suspect fraud has happened on one of your accounts, now, in the last 10 days or in the future how can you prove that it was related to this problem? How can the banks and the government prove it was not related to this problem?
Subscribe to:
Posts (Atom)