21 November 2007

I've got a good idea - let's burn the Child Benefit database onto a CD and send it through the post.

Not a lot of time to post over the last few weeks but the extraordinary story of the missing Child Benefit data has jolted me into action.

For once, headlines from duff papers such as the Daily Mail make perfect sense - "mind-blowing incompetence".

The data include bank account details and various other sensitive info. They ere apparently put on CD by a junior HMRC operative in Newcastle, posted to London using a courier - not unrecorded Royal Mail delivery as some sources initially reported - and failed to arrive about 3 weeks ago.

AFAIK the data were not encrypted or even password protected in any way.

What the f***? Haven't these people even heard of secure FTP? Why the hell were the data being put in the post in the first place?

If it was just one person whose details had been compromised in this way it would be scandalous. But it's 25 million people - half the bloody country.

Brace yourselves for the paralysis of the banking system as justifiably concerned customers ring up to request changes of account details and query any anomalies - or perceived anomalies which appear on their statements. Which is just what we need in the current financial climate. Meanwhile the whole thing rather undermines the Government's campaign for greater vigilance to prevent ID fraud. Are people gonna bother to take precautions if government departments are this sloppy?

If this kind of story appeared in a political drama it would be criticised for being too unrealistic. Good luck getting out of this one, guys - the Tories will be having a field day.

No comments: