Blog

Crap Government IT Rules OK? Oh well, pass the biscuits.

Written By:
Published:
Content Copyright © 2007 Bloor. All Rights Reserved.
Also posted on: Nigel Stanley

As I sit writing this rant I can feel the collective blogsphere
seething at news that HM Revenue and Customs have managed to lose millions of
child benefit records – up to 24 million according to BBC News at the time of
writing.

Apparently the data, on CD, was lost as it was being couriered
to the National Audit Office (Why by the way?). Apparently the discs were “password protected”
but I haven’t seen mention of the “encryption” word yet. I assume the data was not suitably encrypted,
if it was then the loss would have been an irrelevance and the data safe and
sound.

I have written so many lines covering data leak prevention
and loss protection that I am starting to see double. I’m currently researching
over 70 vendors that have products that prevent data going missing (data leak
prevention) or encrypt it so that if it does go missing it is protected (data
loss protection). Almost anyone of these vendors could have flogged HMRC a
product that could have saved them a lot of pain today, and it is appalling to
hear of such a data loss.

For heavens sake, you can pop down to PC World and buy an
encryption product for the price of biscuits at a civil service meeting.

Enough must be enough.

The loss of 26.5 million war veterans’ data from the United
States Veterans Association a couple of years back when a laptop, containing
unencrypted data, was stolen in a burglary is often cited as the event which
changed a lot [but certainly not all] of organisational attitudes to data
encryption in the US, but we obviously have a long way to go.

With a government intent on building ID and DNA databases I
shake my head in horror at the sheer incompetence of those charged with
designing, implementing and managing the
systems. Of course there must be pockets of excellence in government IT that
are as freaked out as I am about this news, but I believe them to be a
shrinking minority.

I really hope that this disaster is the beginning of a
change in attitudes to data protection in the UK and the importance of data
leak prevention and loss protection. Somehow I think I may be disappointed
though.

Anyone for another Jaffa Cake?