Disciplined or dismissed?
Nice of them to lump these gits all into one.
See the numbers are on the rise again!
Over 610 civil servants at HMRC have been disciplined or dismissed for inappropriately accessing tax records since the department was formed by the merger of Customs and Excise and the Inland Revenue three years ago. Refreshingly, none have been caught reading HMRC personnel files, though more than 600 have been caught snooping …
Nice of them to lump these gits all into one.
See the numbers are on the rise again!
So, lets get this straight access to download data to disc is assigned per role. But it would be a disproportionate cost to say how many individuals are assigned a role with this permission?
Is it me or does no one at HMRC have a basic grasp _STILL_ of SQL - the same people who sent personal details on a disc because removing them would be too costly?!?
Does the HMRC have a CIO, if so HE/SHE should answer these questions.
I worked opposite HMRC staff when I was a civil servant and I've got to say that the quality of staff was below par even for the civil service. They were paid a pittance (think minimum wages pro-rata) worked hard by innefective managers, treated like morons (ok, so some were but don't tar them all with the same brush ffs) and had a serious morale deficit.
And we expect them to be loyal, honest workers?
>>MPs were told it was not possible to provide information on how many staff had that access, or how many had received training because such information "could be collated only at a disproportionate cost.".
Translation : I haven't got the faintest clue and I truly don't know how to get those figures !!
How do they define "User-role" and how do they cross-link that with security ?? Presumably everyone who has to work with the data has a user-role or are only 50% of them doing any work at all and the rest just sit around drinking tea and scratching their rear-ends ??
The reason why other countries do not have their equivalent of James Bond is that they just send in a few blokes/girls to mix with those data processing persons and patiently wait for the data to fall on their laps !! Don't need no feeeelthy "00" agents !!
But the Ministry of Truth says that there are *NO* data leaks and what that Ministry says *MUST* be true !!
"Does the HMRC have a CIO, if so HE/SHE should answer these questions."
Forget the CIO. Ask the fool at the top. If they cannot answer the question, fire them. They're allowed to delegate the question to anyone else within the organisation, but the organisation *must* come up with an answer or else the boss goes. (Some questions are so basic that an inability to answer is just unforgivable.)
Give the new incumbent a week to sort out the situation and try again.
Repeat until you get an answer.
And isn't it odd how they give CEO's VERY high pay "because we want the best" and yet when it comes to the rank & file, it's all "well, it's a competitive market and we have to pay rates that are low enough to ensure we can continue".
When ministers are being told they won't get all the claims, they put out the idea that they must give ministers more money otherwise they'd not get reliable people in the jobs. Rank and file: If you don't like it, get a job elsewhere, we'll outsource to Latvia.
Imagine working all day in a boring job you hate, and theres a button at the top of your screen and you know if you click it you will be fired, maybe if I just have a quick look no one will know, no no its too risky, click click oh shit I didn't mean it.
May as well get my coat now maybe I will take a few other coats as well no no too risky oh f.... it.
On the mark...
Perhaps there's another question to ask "to ask FS why answer to question regarding numbr of staff who have access to tax records on would cost so much, if reported progress on e-enablement of department is to be beleived"
Oh. And don't forget total lack of job security, when your job can go at the whim of the PM when he thinks that what your doing dosen't get him enough votes.
Oh, and I thought I would save people time with stupid flames against me and the other AC....
"What are you on about. If they dont like the job they should leave."
"If they are any good they would be well paid"
"We all have to much work to do"
Is everyone in the government incompetent?
It does look like it doesn't it, even the most stupid of sysadmins should be able to produce a list of users by role.
Lets face it, if any commercial boss couldn't get the answer for that question for their board of directors they would be fired.
BTW, these are the same jokers that want the Identity register.
Let's face it, employment in the public sector pretty much only exists to serve those who are unable to get or hold down a job in the private sector.
Paris because she's probably done more work than most public sector workers
the people that have access to most of the data are, generally, morons.
The jobs are all based in a city which is entirely propped up by the government, the talent has moved away leaving the local workforce a little "skill shy".
Also, most of these jobs are call centre type stuff, so why would you want to employ and pay for clever people.
think some of you might think before you comment, lest you too become a moron.
mine's the one with the tickets back to london in the pocket.
If anybody wants to know how the civil service is run simply watch Yes, (Prime) Minister. It may be 30 years old, but it's exactly the same today with 1 major exception. It's no longer just politicians trying to chop the civil service, Civil Service chiefs are out to screw their staff too.
" MPs were told it was not possible to provide information on how many staff had that access, or how many had received training because such information "could be collated only at a disproportionate cost.". "
I don't know how many offices HMRC has, but lets see, one phone call to each HR bod at each location, HR bod looks at their invoices for training and counts them, HR bod phones whichever IT bod is responsible for maintaining the Active Directory server and gets them to email a breakdown of user roles. If that can't be done it's because the answer to the training question is "none whatsoever" and the 'access by user role' statement is a flat out lie.
I see they are still clinging to the "disproportionate cost" whinge, no doubt a remnant of the many FOIA requests they have turned down on this basis, but since when was that a valid response to a question by parliament ? Tossers.
Odd that. I worked in Local government for 4 years and got fed up. I moved to a large international company and have less work, more pay and am doing very well.
I asume you have never worked in the public sector and are basing this on reading tabloid news papers.
And do we expect the hordes surrounding the all-seeing ID Card database to be any different?
And will the checks and controls be any better?
Seriously, lets face it half of government cock-ups these days are down to badly implemented IT. We should have an IT minister who should be expected to answer questions on these subjects to a reasonable level - hell, I could do it, so could any other half-decent IT director in the UK.
How do we go about getting one? These news items on el Reg are getting ever more common.
Paris, cos she could do a better job as Minister for IT than anyone currently in the big house.
"MPs were told it was not possible to provide information on how many staff had that access, or how many had received training because such information "could be collated only at a disproportionate cost." "
Clicking on the user list for security access is disproportionate?
Right. This is a lie, straight out, and the response to this assertion should be the individual in charge being fired immediately.
I'm fed up with the incompetent and overstaffed public sector always hiding its screw ups.
Which party do I vote for to get a small government that'll trim all the tax-sucking wastrels?
Civil servants are mostly job-protectors and idlers. They do anything to stay in their job and anything to do no work. The 5% of good, intelligent, conscientious ones carry the load for those who surf for holidays and make cups of tea all day. I was a contractor for a few months and the to other contractors and I did all the work. The others either played on the web or chatted or had 'meetings' so they would get biscuits with their tea. I left. Did my head in.
the news in this story is not the snooping. We'd have been 'king amazed if that hadn't been going on. No, what really matters is what it reveals about the mindset of the children in charge.
"Kennedy revealed that less than one per cent of total HMRC staff per year have been caught improperly accessing information."
Kennedy told the Commons the numbers "reflect the strength of HMRC's internal disciplinary procedures".
these two passages reveal that they think they're actually doing rather well and that "only" one percent bad appleship is acceptable when you're holding the private and sensitive data of 40 million citizens. That alone should be enough to persuade doubters that they are not fit to govern and certainly not fit to be holding sensitive data.
Unfortunately their audience (the unwashed masses) are, if anything, slightly more ignorant than their political masters and they too will probably think along the lines of "less than one percent" being a perfectly acceptable security standard.
Those of us who care about these things (including most of you likely to be reading this) need to figure out how to present the "Idiot Guide to Stupid Security" so that we can make the wider public begin to understand the full dangers that governments represent when we let them loose in this area...
No not everyone is - trouble is any sign of competence is usually misunderstood as being a rebel and they will attempt to drive them out, insane or they just give up because banging one's head on brick walls all the time hurts
information "could be collated only at a disproportionate cost.".
Translation " If we told you the truth you would laugh at us "
Access by user role :
Translation " They all can stupid or they wouldn't be working here "
I have tried to think of one valid reason why anyone needs to have a working CD writer usb ports enabled etc etc on any of their machines and i cant come up with a decent answer.
No one needs any abilty to transfer data in this way NO ONE !!!!!
The data base design should prevent all access to unauthorised intrusion and these are the same mutton heads who are designing the all singing all dancing ID database.............i think they need a few more meetings before going any further down that road !!!!
It is incompetence from the very top time a few top names were given their marching orders.
"Odd that. I worked in Local government for 4 years and got fed up. I moved to a large international company and have less work, more pay and am doing very well."
I spent three years in local govt [left for the same reasons as you - fed up], a year in a school [never again] and now I work in Central Govt, have lost *another* £1/hr and am having to look at going back to rent a room just to make ends meet, which is pretty embarassing frankly.
Where are these jobs with large companies where I can get back into proper support with reasonable pay and less strange expectations?
Anon, because my bosses read this...
"And don't forget total lack of job security, when your job can go at the whim of the PM when he thinks that what your doing dosen't get him enough votes."
Actually, no. A lot of criticism of civil service staff on this thread may be unfairly generalising, but this is just plain wrong. It is almost impossible to get sacked from the HMRC unless you are actually convicted of taking bribes, or of breaking the confidentiality protocols. Since the latter are now being busily eroded by "information sharing" initiatives from SOCA, Cabinet Office, MinJ and so on, it will soon be difficult for anyone except too-greedy special investigators to lose their jobs.
Coming from another arm of the Civil Service I can't say for sure whether it's the case for HMRC, but where I'm at there are a lot of 'fixed-term-appointments' and employees on 'casual contracts' (most of whom are anything but since they like the job and want to keep it - it's the old timers who get too comfortable that are causual). I'd imagine that this is where the problem lies.
It's the 'had access' that's key here. Being able to say who 'has' access ought to be trivial, but who 'has had' access over the period is different. For us, staffing levels are determined against perceived demand over a period to keep things as lean as possible and often the same people are re-employed over the course of a few years so that you cannot accurately say just by reference to head-counts as you may be double counting. Add to that the fact that HR records get old so that there may be no valid reason for keeping the information which means it needs to be destroyed under the DPA as there's no reason to hold the information.
I've no doubt however that the HMRC systems contain the very same, if not stronger audit trails built into the systems we use. Systems I might add that have been evolving for a long long time.
It's all very well mouthing off about how databases should be designed and this and that should be so easy but you can't even be certain that it's actually an SQL database under the hood! Even if it is, data needs to purged at some point - why keep information relating to someone who's no longer working there - there's certainly less chance of someone not employed gaining access if they no longer exist on the system.
The auditing is good - that's why so many people get caught. Some systems will stop you and ask you to justify accessing a particular record randomly to discourage peeking.
You'll also find it's usually someone trying to work out a potential partner / child's partner's income rather than James Bond trying to bring down the economy.
As for idlers and the like - yeah you get them, you get them in any job or business I've worked with plenty, but gone are the days of infinite sickies. People are regularly dismissed for pulling sickies and for not meeting the performance targets set.
Yep, the Civil Service is well and truly in the 21st Century (or the part I exist in anyway) and my managers are good people who'll do anything to keep their staff in jobs because they have a real passion about what they do and why they do it. Of course there are wankers who are cruising toward retirement but with every passing day there's less of them and their place is filled with someone who deserves the job.
People like my colleagues and I are care as much about the taxes we pay as you do and we want value for money and the best we can get.
You never know the use of a good thing until you've lost it and if the focus groups are full of people who don't understand what the Civil Service does for them then they'll be the ones crying when the big private companies come along and spunk everything up - and there'll be no turning back 'cause all the good guys will be gone and we'll all be stuck with the likes of Crapita making profit from our taxes (if anyone can work out how a profit provides better value for money than non-profit I'd love to hear it - none of us want to be privatized so we strive to make sure there's no profit to be had in our business - don't be surprised if you hear about Civil Servants telling the Private Sector how to run a call centre at some point in the future).
Don't kill the goose that laid the golden egg.
AC because it's about getting things done - not glory.
..."If you have nothing to hide, you have nothing to fear", eh?
"You'll also find it's usually someone trying to work out a potential partner / child's partner's income rather than James Bond trying to bring down the economy."
Uh, that's *much worse* from my point of view. Only the government cares about foreign spies, they're a complete irrelevance to the rest of us. The millions of public sector workers, however - a legion which is growing every second as the government swallows up enterprise at a rate that makes cancer envious - that's a different matter. None of us are ever going to have to deal with a foreign spy, every single one of us has to deal with public sector workers.