back to article Dole Office staff snooped into private data 992 times in 10 months

Staff at the Department for Work and Pensions (DWP) were disciplined a total of 992 times for unlawfully or inappropriately accessing individuals' social security records between April 2011 and January this year. The figures were obtained following a freedom of information (FOI) request to DWP by Channel 4's Dispatches …

COMMENTS

This topic is closed for new posts.
  1. andreas koch

    All for the public good...

    >

    ... controller'. A person is not guilty of an offence if they can show that unlawfully obtaining, disclosing or procuring of the personal data was justified as being in the public interest.

    <

    Does that sound like the easiest excuse ever?

    So, as a private eye or journalist, what do I need?

    Somewhere where there's a primary school. A guy in a long coat. Someone* who thinks he might look a bit like the prime minister. Someone else* hears someone calling him 'Dave'.

    Public interest acquired, all doors open?

    Please someone tell me that that is not the case.

    Can we have a shit-scared-icon?

    These people only get paid in full if there's a story later.

    1. Anonymous Coward
      Anonymous Coward

      Re: All for the public good...

      It shouldn't be as bad as all that, as long as there is common sense in the application. 'Public Interest' should only be a legal defence if disclosure is of significant benefit to the public and if there is reasonable belief that there is no other way to get the information out.

      That aside, I think DWP and all bodies with access to sensitive data should be required to exercise an 'instant dismissal if caught' policy, with no public interest defence.

      1. andreas koch

        @ JustaKOS - Re: All for the public good...

        Yet it might well be decided that it was in the interest of the public to either convict the person in question or clear him of suspicions and thereby aid the investigation in a potential child abuse case. It could all be interpreted to: 'do wrong first, justify later'.

        I agree that common sense would be of service here, unfortunately lawyers will also involved; that is what makes me worry.

        Oh, and have an extra '*' that I forgot as a footnote marker in my earlier post.

      2. Geoff Campbell Silver badge
        Flame

        Re: All for the public good...

        Ah, yes, "Common Sense". The rallying call of the majority throughout history.

        I think we need an extension to Godwin's Law to include that phrase, personally.

        GJC

        1. Anonymous Coward
          Anonymous Coward

          @Geoff Campbell - Re: All for the public good...

          There's nothing wrong with the term 'Common Sense', though I agree it is often abused. Where the law is concerned, in particular where the issue is subjective, I think we can expect the courts to exercise it properly (I think Appeal Courts certainly do).

          If you can come up with another shorthand for "intelligent and logical consideration, paying due attention to the intent of the law", I'd consider using it.

          As for Godwin's Law - it is often used lazily to slap an opinion down without bothering to counter the argument, so I'd rather see it canned than extended.

          1. Geoff Campbell Silver badge

            Re: @JustaKOS

            Well, if it were only ever used as shorthand for "intelligent and logical consideration, paying due attention to the intent of the law", then I might revise my opinion. But in my experience, "Common Sense" is almost always used as shorthand for "Why oh why won't you just stop being so *stupid* and just see things my way?", but with added self-righteousness.

            Maybe I've just been unlucky.

            GJC

        2. Panimu

          Re: All for the public good...

          Common sense would tell you the Earth is flat and the Sun revolves around it.. so what use Is that.

          1. Is it me?

            Re: All for the public good...

            Thing is, if you commit a data breach and are disciplined by your employer, the public interest defence won't wash at all, as even if it was they wouldn't agree, that would require you to go to court and prove it. If you have accepted payment for that data then, you really would have a hard time.

            It would be interesting to know how the data breaches occurred the usual way is social engineering, or exploiting our habit of being helpful, I doubt there are many true instances of corruption, but the DWP pay peanuts and expect intelligent and professional behaviour, as does the tax payer, hmmm.

    2. The BigYin

      Re: All for the public good...

      @Andreas Koch

      This dovetails with the idea that it can be acceptable to commit one crime in order to prevent a greater one. For example, exposing "private" information that shows a public servant is on the take, or committing an act of trespass to save a life. You can invent your own examples and, of course, it's up to a court to decide if the defence applies.

      What it does not cover, however, is raking through people's details for purely personal/devious reason (e.g. you want to date them).

      Your example could actually apply, but you'd need a lot more evidence to satisfy a court that you had just cause to go prying.

      1. andreas koch
        Holmes

        Re: All for the public good...

        >

        ...but you'd need a lot more evidence to satisfy a court that you had just cause to go prying...

        <

        I'm not even afraid that someone publishes that I've done wrong. If I've done it, I'll have to live with the consequences.

        What my concern is, is that some over-eager writer* gets the details not quite right and you end up making the front page for child abuse AND IT WASN'T YOU. Then a correction and apology gets published on page 17 three days later. No one will read it and your reputation is wrecked for ever.

        *And yes, they are about; if they don't publish fast and waste too much time checking the facts, then someone else might beat them to the printing deadline. And northing's worse than being the second paper that publishes a gory story.

  2. alain williams Silver badge

    992 times

    What is it ?

    a) 992 times that they know about ?

    b) 992 times that they are willing to admit ?

    c) 992 times with no possibility of any more ?

    I strongly suspect (a) with a bit of (b).

    1. Alan 6

      Re: 992 times

      Read the sub-headline and you'll see it says "And that's just the times they were caught..." which I think answers your question...

    2. Panimu

      Re: 992 times

      992 is meaningless without a headcount figure anyways.

  3. Crisp

    Disciplined

    I hope that means fired.

    1. andreas koch
      Black Helicopters

      @ Crisp - Re: Disciplined

      Unlikely. It will probably boil down to a 'verbal warning', valid for 6 months.

      Whispering: ' Is that the Super Universal News? Put me through to Mr. Medium Cheese. - - - Hi, Meddy, listen mate, I got to lay low for a while - yea, about 'till September - look, if you can find anything to make my supervisor get into this as well, I can of course help sooner - of course, I'll mail that to you - cheers, buddy'

      Coughcoughcough...

  4. The BigYin
    FAIL

    Only disciplined?

    "Staff at the Department for Work and Pensions (DWP) were disciplined a total of 992 times for unlawfully"

    It was unlawful...why weren't they prosecuted? Oh wait, civil service; above the law and don't care about data privacy (as numerous news stories inform us).

    1. andreas koch
      Joke

      @ The BigYin - Re: Only disciplined?

      >

      ...as numerous news stories inform us...

      <

      Those are written by journalists whose informers demanded too much money.

    2. Ged T
      Holmes

      Re: Only disciplined?

      A good point - It probably requires another one or two FOI to be served:

      1. "Of the 992 disciplinary actions applied to staff at the DfWP for unlawful data and privacy breaches, how many of those were prosecuted, as per the law?"

      and/or

      2. "With respect to DfWP unlawful data and privacy law breaches, how many of its staff were reported to the police force and prosecuted by the Crown Procesuction Service?"

      Somewhere around the figures resulting from such queries, it may be possible to establish if ANY prosecutions resulted. I would truly hope that either of these questions would yield a significantly higher number than zero... IMHO, if there have been zero prosecutions, the ICO and the Justice Ministry (for RightThink) need to be brought to account, on all our behalf by Parlimentary oversight committee, at the very least...

    3. Anomynous Coward

      It was unlawful...why weren't they prosecuted?

      Would you want a prosecution for every speeding offence? Littering?

      It's not at all clear what these unlawful or inappropriate disclosures of data were. Would something like remarking to a colleague that some random client's middle name was 'Shithouse' and having a bit of a giggle count? Clearly unprofessional but probably not worth taking to trial in most people's opinion.

      Investigative documentaries have to make their claims as attention-grabbing as possible and yet from a department with a budget of over £100 billion and 100 thousand staff serving millions of clients they've got fewer than a thousand incidents in a fairly wide range of possible offences.

      It's clearly too many and there are genuine grounds for concern but I wonder if you scaled up your average private sector organisation to those levels and audited to the same levels whether you would find a great deal of difference.

  5. ukgnome
    Trollface

    I have a public interest in infringing copyright and how easy it is to do, does this mean that I can do without fear of the law?

    My Arse!

    1. This post has been deleted by its author

  6. This post has been deleted by its author

  7. Winkypop Silver badge
    Black Helicopters

    Relax

    All your private data are belong to us!

  8. Anonymous Coward
    FAIL

    So they were not fired - was the effected people told?

    So if they were not fired were those effected told about this abuse and why not. If somebody illegaly accessed my file for neferious means then I'd want them disaplined into a new job and I'd want to be told about it. After all if I had the option of sueing there ass's then and only then will the goverment take there responsibility to heart. If I joe public access information illegaly it is called hacking and is known as a crime which can lead to me being deported very easily and these pissants get a peace of paper acknowledging there failure and allowed to carry on as long as they dont do it more than 3 times in any 6 month period and in that I mean get caught.

  9. jacobbe
    WTF?

    Meaningless Law

    What is the purpose of the law if no one is prosecuted? For gawds sake, Its happened 992 times. Clearly the law needs enforcing.

    A few prosecutions are need to give the message that this behaviour should not be tolerated.

  10. Peter Galbavy
    FAIL

    Criminals should be treated like criminals

    This is not the same as getting caught stealing loo paper from the company and getting a warning from personnel. This is criminal behaviour and neither the DWP nor any other government department should be allowed to handle this internally. Each and every one of this 992 plus all the uncounted other similar criminal actions should be passed to the police and/or CPS for investigation and possible prosecution.

    Again: This should not be the DWPs choice. The watchdog is truly toothless.

  11. Dazed and Confused

    Then they wonder why

    people are nervous of the government (and others) building giant databases with all our info in. Its just too easy for these types of illegal access to occur.

    Then they want to out source running the operation. So the people looking after the info have even less likelihood of feeling obliged to treat it with up most respect. Lets face it, the out sourcing deal is going to go to the lowest cost bidder, so you get three effects

    1) you pay peanuts you get monkeys

    2) its generally held to be easier (or at least cheaper) to bribe under paid people

    3) all the staff know the "customer" doesn't give a flying f*&^ about them, so feelings are likely to be mutual.

  12. Anonymous Coward
    Anonymous Coward

    And this is why...

    ...I want my personal data removed from their databases. I am currently on ESA WRAG on the Work Programme (even though my health is crap and this is not making it any better) and I am in the process of creating a letter provided by www.consent.me.uk to withdraw any consent to use my personal information as the work provider is a private company contracted to the government and they share the information across databases. I already was coerced (using veiled threats of sanctions to my benefit) into giving my email, telephone numbers, signing a permission to use my CV and gave out other information I probably did not need to. They also want me to give them a CV, 2 copies of ID Passport/Birth Cert, 2 copies of last 2 utility bills and 2 referees!

    Obviously none of that is now going to happen as I cannot be sanctioned on my benefits for not providing this apparently and it will prevent the work programme provider from pestering me when I do eventually (lol) find another job as they can keep pestering you even if you are in employment for up to two years! Reason? They get paid for every person they find (force) into a full time job and have to make sure you keep it or lose money.

    Many charities signed up to the Work Programme initiative as providers for slave labour including OXFAM, MIND, MENCAP and a whole host of other charities and organisations who thought they would get some extra funding. Only they are in contradiction to those self same people they are meant to be helping (the disabled and unfit for work). It's scandalous!

    http://www.consent.me.uk/charitycollaborators/

    http://www.bbc.co.uk/news/business-17538046

    I'm reading this article now and they wonder why we don't trust them with our personal information.

    1. Anonymous Coward
      Anonymous Coward

      Re: And this is why...

      Forgot this link.

      http://www.guardian.co.uk/voluntary-sector-network/2012/mar/12/large-charities-government-work-schemes

  13. adam payne

    This is unacceptable behaviour and needs to be stamped out.

    If I was to do this is would be gross misconduct and I would probably get the boot.

    I want to know what safe guards they have in place to stop this from happening, do they actually have any?

  14. micheal
    Coat

    I think it should be interpreted as

    "we only ever caught one person and they had unlawfully accessed data 922 times"

    the rest took us for a drink and it was all forgotten about.

    Fixed that for them

This topic is closed for new posts.

Other stories you might like