back to article Council staff helping selves to data

Official claims that "your data is safe with us" suffered another body blow at the weekend with revelations of a dramatic rise in hacking of the UK’s tax and benefit mega-database by council staff. In most cases, councils appear to have concluded that the appropriate penalty for such unlawful prying into personal lives has …

COMMENTS

This topic is closed for new posts.
  1. Is it me?

    Now the follow-up question would be....

    How many council workers abuse their own systems.

    1. BristolBachelor Gold badge

      No the follow-up question is...

      The correct follow-up question is how many of them just didn't get caught?

      If we use the statistical analysis techniques of people like the music/software business, there must be millions more guilty... (OK I'll leave for that comment; no coat required, it's 30 degrees outside!)

  2. Chris Hatfield

    I'm going to get me a lucrative job at the council

    It's really sad, it's human nature and there MUST be very stringent safeguards to prevent against these kids of things.

    If you consider that some psycho ex-partners murder their former lovers, it's not a stretch to think they'd pay someone to tap into databases.

    Also, debt collectors/baliffs must surely be tempted to abuse the system.

    I have minimal skills and a desire to make money. So, I think i'll sign up to be a council employee. </sarcasm>

    1. Anonymous Coward
      Happy

      The little blighters!

      "It's really sad, it's human nature and there MUST be very stringent safeguards to prevent against these _kids_ [emphasis] of things."

      I wholeheartedly agree! We must definately prevent the existance of these underage hooligans at all costs!

  3. Anonymous Coward
    WTF?

    Bin chipping still going on

    The pay as you go bin tax has been abandoned, but the chipping of bins by councils has not been banned. Councils are now using it on the basis of using it for carrots (as opposed to sticks) in the form of vouchers (eg Club card points) etc for local businesses.

  4. BristolBachelor Gold badge
    FAIL

    Not their responsibility?

    Let me get this straight.

    DWP has a big database full of juicy data, and people are able to get unauthorised access to this data and look at it. But they think that that is not their reponsibility?

    Just explains what is wrong with civil "servants" having any control over this stuff!

  5. Anonymous Coward
    Big Brother

    define hacking?

    "dramatic rise in hacking of the UK’s tax and benefit mega-database by council staff."

    there is a difference between hacking/cracking and abusing the given access/authority. The "The Mail" might not know the difference, but el Reg should.

    the real question is, did any of the workers leave a stick note with his/her username and password so that the other might use the system while s/he is away? Last time I checked, the police force does that! The way this is being reported, they are only concerned with the staff looking at stuff they shouldn't have been looking at, the bigger problem is when the staff *share* the things that they are *allowed* to look at, with other people.

  6. Anonymous Coward
    Megaphone

    Pay peanuts . . .

    "These figures are a dismal indictment of councils and the people we pay to work in them."

    Maybe it's time to pay the going rate to get higher quality staff . . . . Silly me!

    Quite apart from the fact that I agree there is far too much data held and distributed and probably no organisation could ever be truly trusted.

    1. Dave 3
      Flame

      not so

      Public sector employees are paid more than private sector employees, "In every decile public sector staff earn more except at the very highest where compensation is roughly the same."

      http://www.taxpayersalliance.com/research/2010/02/public-and-private-sector-pay.html

      http://www.taxpayersalliance.com/research/2009/02/response-to-polly-toynbee.html

      1. Oz

        Re: Not so

        But there is clearly some debate about the quality of those stats, as picked up on by the various commenters to the articles

    2. Adam Williamson 1
      Stop

      Or...

      People seem to be drawing comparisons here where there's no data to support them. The statistics on unauthorized access to personal information in the private sector are conspicuous only by their absence. This is because you aren't going to get very far if you send a FoI request to Sky.

      If you could, though, I bet the rate of snooping on other people's data in the private sector would turn out to be equal to or higher than the rate in the public sector. I know I used to work for a cable company and it happened all the time ('hmm, wonder what dodgy porn my neighbour's been watching on VOD'...) Not that this makes it any better, but it seems unjustified to assume this is all the fault of The Evil Gubmint / Unions etc.

  7. Anonymous Coward
    FAIL

    Bin chipping

    Love to see this round where i live in Portsmouth, most people per square foot in the country, how you going to knwo who put what rubbish out in a block of flats that doesn't even have waste bins and only one re-cycle bin? this has fail more fail and complete fail written all over it and as people where commenting on it yesterday setting your alarm clock then sneaking next door to nick all there re-cycling will be the norm. taking re-cycling home from work? fly tipping so you don't lose your bribe.

    1. Graham Marsden

      Another Portsmouth resident

      A couple of weeks ago I was putting my rubbish out and noticed that there were a whole pile of bin bags stuck in front of my property, also last week someone dumped a washing machine in the alley at the back of my property.

      Why does anyone think that if there is a payment or reward scheme it won't be subject to similar abuses?

  8. ElFatbob
    Thumb Up

    Potential win-win situation here...

    Summary dismissal for anyone found to have done this, with criminal charges where appropriate. Should do a bit for cutting back the bloated public sector.

  9. Red Bren
    Thumb Down

    JFDI

    The fact that so many of incidents go unpunished might suggest that they are being done at the behest of senior managers, who either don't know or don't care about data protection and don't want to spend the money to go through the proper channels. When it comes to light that someone too senior to be disciplined is at fault, is the investigation quietly dropped?

    So how many were the result of an underling being told to "Just Fucking Do It!!!"

  10. David Pollard

    @ AC - Pay peanuts ...

    No, there isn't a solution simply by paying workers more. Higher pay alone doesn't necessarily lead to higher moral standards or "higher quality". Sometimes it seems to do the opposite: for example, MPs, estate agents, bank managers and, present company excepted, journalists etc..

    Those at the bottom of the heap often seem to show greater integrity and more humanity than those who are climbing in order to accrue power over those beneath them.

    1. Anonymous Coward
      Coat

      to be sure to be sure

      We get that in Ireland, where the TDs (MPs) are highly paid "to reduce the incentives for corruption" -- in effect, they decided to pay themselves bribes not to take bribes. It worked about as well as you'd expect anything to work with the kind of people who make that kind of decision.

  11. Anonymous Coward
    Stop

    If the DWP gave a shit about their database

    They wouldn't have given the project to BT.

    Caveat : This is hearsay based on responses I received in a meeting with people working on the DWP project so I cannot verify if it is true or not.

    In said meeting, mention was made of the work that was required on the database by the Indian contingent (Tech Mahindra).

    I needed to be SC cleared before being able to work on this project I might interject here.

    When I asked if they had hashed the contents of the database before sending it to India I received a response which indicated that they couldn't work out how to do it so they just shipped the entire thing.

    The next day I was working on a different project.

    Draw your own conclusions.

  12. Anonymous Coward
    Anonymous Coward

    This is history not news...

    Complaints have been mounting about councils' handling of computerised records and IT projects for over a decade. Most of these complaints receive the brush-off from both councils and regulatory bodies. What's happening is pretty much common knowledge - the real scandal is that no-one really gives a damn.

    And it goes much further than just access. Altering of databases to support a council's account of affairs or to protect incompetent individuals isn't rare, and the generation of correspondence records to cover non-existent correspondence seems almost commonplace. As for sensitive files about contracts, tendering, etc - the results are often so blatant it's astonishing.

    IT security is a sick joke in most council departments and - given the amount of, at best unwise and at worst illicit, copying - it's amazing there aren't more losses. Some council departments don't even have the common sense to face monitor screens away from public areas, or switch computers off overnight. But then perhaps there are more losses - the public are generally the very last to know - even elected representatives are usually in the dark, having little choice but to trust senior officials who themselves aren't really in total control.

    And why isn't there more fuss and whistle blowing - there are a great many very decent and concerned people working in local government?

    Because everyone knows they wouldn't be telling senior officers - or in many cases even government departments - anything they don't already know.

  13. Anonymous Coward
    Anonymous Coward

    toomuch conjecture and not enough context.

    Firstly, 124 incidents out of 140,000 staff is probably statistically better that what goes on (largely unreported) in Banks, building societies and other private companies who are not under the same level of public scrutiny.

    It is also impossible to say staff have been treated too leniently because they were not dismissed without knowing the circumstances of each case. It could well be that the access was for a legitimate purpose but that the correct protocol was not followed. This is not a dismissal offense, this is a matter of warning and retraining.

    In an ideal world everybody would follow the correct process and everything works first time. We don't live in an ideal world.

    Safeguards can always be improved and lessons should hopefully be leant from these incidents.

    1. Anonymous Coward
      Anonymous Coward

      Err...

      Banks have had systems in place for a long time to prevent and detect this sort of opportunistic browsing of customer details. If you knew anything about financial services IT, you'd know that they are some of the most secure environments around. In the financial companies that I have worked for no-one has back end database access without a change record or incident management record, all work is checked. The staff at the counter don't have access to any accounts that they are not directly working on. A bank no more wants their staff routing through private customer data than any other company - put simply it's bad for business.

      Various industries got a wake-up call several years ago when the David Beckham text messages were leaked by a call centre staffer at Vodafone. In the bank I work at, already tight security was further tightened and new systems were developed to monitor the behavior of those who accessed customer related databases to see if it was for work or 'pleasure'. This is on top of the regulatory security which is required by the FSA and the requirements of the likes of the PCI etc.

  14. I. Aproveofitspendingonspecificprojects 1
    FAIL

    No but yes but no

    Almost all government or near government run agencies encourage customers to put CVs online and send them out to whoever might want to know your personal details.

    Job Centres and agencies related to them are an example. Half baked unemployables desperate for a job will sign up for anything. Those govt funded agencies that help you write a CV will give you a pen to butcher your web identity, cook it and serve it up in Microsoft Word rich chunks.

    I've never been to an employment agency that has ever mentioned online safety. I wrote a CV in an ofice of one minor agency like the above and was told that everything was perfectly safe by the tutor in charge of the day course.

    Nuts in May, or what.

  15. Anonymous Coward
    Paris Hilton

    There are solutions

    While ever there are data that can be accessed for personal gain or pecuniary gain it will be accessed and yes, I too have encountered poor practices in publicly funded bodies regarding respect of data.

    Sure, many organisations do have policies in place but these tend to be presented upon inspection and ignored in totality for the rest of the time. And as for forging signatures on official forms ... well 'nuff said?

    Perhaps the data should be processed and managed offshore, far away in some other climes?

  16. Ewill_\m/_\m/

    From a Council worker who spent all day using the DWP systems, a reply:

    Chris Hatfield: "Debt collectors/baliffs must surely be tempted to abuse the system."

    They dont have ANY access. So its not an issue.

    Dave 3:"Public sector employees are paid more than private sector "

    I get £1000/mth to take home for work that involves customer facing / telephone work being abused verbally, high importance decision making and apply complex legal rules and procedures. I earned double as a half arsed kitchen fitter.

    It's not about pay the rules, they are very strict, there is random checking where you have to provide proof that you are entitled to be looking at a record, every acess is logged and checked for patterns, a form to be completed every time you mis-type a National Insurance number, and a whole DWP department that deals with "the great and the good" who are not visible to anyone else.

    John 186: "Altering of databases to support a council's account of affairs or to protect incompetent individuals isn't rare"

    We have read-only access to a limited number of screens.

    Anonymous Coward:

    #1"there is a difference between hacking/cracking and abusing the given access/authority" - agreed top marks.

    #2"the bigger problem is when the staff *share* the things that they are *allowed* to look at" - We really dont have that much to look at that is of any interest or value to others. Tell me how knowing what type of Jobseekers Allowance or Income Support someone is on is valuable intel?

    #3"124 incidents out of 140,000 staff"

    Wrong, there are 60 staff with access in my department, assume it is an average for all councils, 245 councils giving 14,700. The slowest worker checks the DWP on average 10 times a day, times 230 days working on systems a year, thats 33,810,000 accesses of which 124 were "security breaches" what ever that means.

    144 out of 33,810,000. You wish your company had an error rate that low.

  17. Anonymous Coward
    Paris Hilton

    C'mon Ewill dude?

    You know that such comparisons mask the real reasons people are so protective of local authority jobs. Heck, they bring in babies at 18 months or less to get them on HR registers.

    Other factors are or include:

    + great pension

    + absolute confidence that whatever one cocks up one is reassured that colleagues will do utmost in damage limitation

    + fear of litigation let's and justifies one doing anything

    + natural attraction to sociopathy in an encouraging environment

    + look at some of the contracts written and drawn up by UK local authorities such as care workers having to wait at least 12 months for mileage allowance. Heck! If a council worker had to wait 2 months for travel allowance there would probably be a strike call

    I could go on but suspect you already know the other (hidden?) benefits including ring fenced income, someone on one income level doing the job of another on a much lower structured income level, bumped income in last few years at work to bump up final year salary/pension payments, ...

    Truth is while politicians come and go the UK (un)civil servantry is here to stay.

This topic is closed for new posts.