Now the follow-up question would be....
How many council workers abuse their own systems.
Official claims that "your data is safe with us" suffered another body blow at the weekend with revelations of a dramatic rise in hacking of the UK’s tax and benefit mega-database by council staff. In most cases, councils appear to have concluded that the appropriate penalty for such unlawful prying into personal lives has …
The correct follow-up question is how many of them just didn't get caught?
If we use the statistical analysis techniques of people like the music/software business, there must be millions more guilty... (OK I'll leave for that comment; no coat required, it's 30 degrees outside!)
It's really sad, it's human nature and there MUST be very stringent safeguards to prevent against these kids of things.
If you consider that some psycho ex-partners murder their former lovers, it's not a stretch to think they'd pay someone to tap into databases.
Also, debt collectors/baliffs must surely be tempted to abuse the system.
I have minimal skills and a desire to make money. So, I think i'll sign up to be a council employee. </sarcasm>
Let me get this straight.
DWP has a big database full of juicy data, and people are able to get unauthorised access to this data and look at it. But they think that that is not their reponsibility?
Just explains what is wrong with civil "servants" having any control over this stuff!
"dramatic rise in hacking of the UK’s tax and benefit mega-database by council staff."
there is a difference between hacking/cracking and abusing the given access/authority. The "The Mail" might not know the difference, but el Reg should.
the real question is, did any of the workers leave a stick note with his/her username and password so that the other might use the system while s/he is away? Last time I checked, the police force does that! The way this is being reported, they are only concerned with the staff looking at stuff they shouldn't have been looking at, the bigger problem is when the staff *share* the things that they are *allowed* to look at, with other people.
"These figures are a dismal indictment of councils and the people we pay to work in them."
Maybe it's time to pay the going rate to get higher quality staff . . . . Silly me!
Quite apart from the fact that I agree there is far too much data held and distributed and probably no organisation could ever be truly trusted.
Public sector employees are paid more than private sector employees, "In every decile public sector staff earn more except at the very highest where compensation is roughly the same."
http://www.taxpayersalliance.com/research/2010/02/public-and-private-sector-pay.html
http://www.taxpayersalliance.com/research/2009/02/response-to-polly-toynbee.html
People seem to be drawing comparisons here where there's no data to support them. The statistics on unauthorized access to personal information in the private sector are conspicuous only by their absence. This is because you aren't going to get very far if you send a FoI request to Sky.
If you could, though, I bet the rate of snooping on other people's data in the private sector would turn out to be equal to or higher than the rate in the public sector. I know I used to work for a cable company and it happened all the time ('hmm, wonder what dodgy porn my neighbour's been watching on VOD'...) Not that this makes it any better, but it seems unjustified to assume this is all the fault of The Evil Gubmint / Unions etc.
Love to see this round where i live in Portsmouth, most people per square foot in the country, how you going to knwo who put what rubbish out in a block of flats that doesn't even have waste bins and only one re-cycle bin? this has fail more fail and complete fail written all over it and as people where commenting on it yesterday setting your alarm clock then sneaking next door to nick all there re-cycling will be the norm. taking re-cycling home from work? fly tipping so you don't lose your bribe.
A couple of weeks ago I was putting my rubbish out and noticed that there were a whole pile of bin bags stuck in front of my property, also last week someone dumped a washing machine in the alley at the back of my property.
Why does anyone think that if there is a payment or reward scheme it won't be subject to similar abuses?
The fact that so many of incidents go unpunished might suggest that they are being done at the behest of senior managers, who either don't know or don't care about data protection and don't want to spend the money to go through the proper channels. When it comes to light that someone too senior to be disciplined is at fault, is the investigation quietly dropped?
So how many were the result of an underling being told to "Just Fucking Do It!!!"
No, there isn't a solution simply by paying workers more. Higher pay alone doesn't necessarily lead to higher moral standards or "higher quality". Sometimes it seems to do the opposite: for example, MPs, estate agents, bank managers and, present company excepted, journalists etc..
Those at the bottom of the heap often seem to show greater integrity and more humanity than those who are climbing in order to accrue power over those beneath them.
We get that in Ireland, where the TDs (MPs) are highly paid "to reduce the incentives for corruption" -- in effect, they decided to pay themselves bribes not to take bribes. It worked about as well as you'd expect anything to work with the kind of people who make that kind of decision.
They wouldn't have given the project to BT.
Caveat : This is hearsay based on responses I received in a meeting with people working on the DWP project so I cannot verify if it is true or not.
In said meeting, mention was made of the work that was required on the database by the Indian contingent (Tech Mahindra).
I needed to be SC cleared before being able to work on this project I might interject here.
When I asked if they had hashed the contents of the database before sending it to India I received a response which indicated that they couldn't work out how to do it so they just shipped the entire thing.
The next day I was working on a different project.
Draw your own conclusions.
Complaints have been mounting about councils' handling of computerised records and IT projects for over a decade. Most of these complaints receive the brush-off from both councils and regulatory bodies. What's happening is pretty much common knowledge - the real scandal is that no-one really gives a damn.
And it goes much further than just access. Altering of databases to support a council's account of affairs or to protect incompetent individuals isn't rare, and the generation of correspondence records to cover non-existent correspondence seems almost commonplace. As for sensitive files about contracts, tendering, etc - the results are often so blatant it's astonishing.
IT security is a sick joke in most council departments and - given the amount of, at best unwise and at worst illicit, copying - it's amazing there aren't more losses. Some council departments don't even have the common sense to face monitor screens away from public areas, or switch computers off overnight. But then perhaps there are more losses - the public are generally the very last to know - even elected representatives are usually in the dark, having little choice but to trust senior officials who themselves aren't really in total control.
And why isn't there more fuss and whistle blowing - there are a great many very decent and concerned people working in local government?
Because everyone knows they wouldn't be telling senior officers - or in many cases even government departments - anything they don't already know.
Firstly, 124 incidents out of 140,000 staff is probably statistically better that what goes on (largely unreported) in Banks, building societies and other private companies who are not under the same level of public scrutiny.
It is also impossible to say staff have been treated too leniently because they were not dismissed without knowing the circumstances of each case. It could well be that the access was for a legitimate purpose but that the correct protocol was not followed. This is not a dismissal offense, this is a matter of warning and retraining.
In an ideal world everybody would follow the correct process and everything works first time. We don't live in an ideal world.
Safeguards can always be improved and lessons should hopefully be leant from these incidents.
Banks have had systems in place for a long time to prevent and detect this sort of opportunistic browsing of customer details. If you knew anything about financial services IT, you'd know that they are some of the most secure environments around. In the financial companies that I have worked for no-one has back end database access without a change record or incident management record, all work is checked. The staff at the counter don't have access to any accounts that they are not directly working on. A bank no more wants their staff routing through private customer data than any other company - put simply it's bad for business.
Various industries got a wake-up call several years ago when the David Beckham text messages were leaked by a call centre staffer at Vodafone. In the bank I work at, already tight security was further tightened and new systems were developed to monitor the behavior of those who accessed customer related databases to see if it was for work or 'pleasure'. This is on top of the regulatory security which is required by the FSA and the requirements of the likes of the PCI etc.
Almost all government or near government run agencies encourage customers to put CVs online and send them out to whoever might want to know your personal details.
Job Centres and agencies related to them are an example. Half baked unemployables desperate for a job will sign up for anything. Those govt funded agencies that help you write a CV will give you a pen to butcher your web identity, cook it and serve it up in Microsoft Word rich chunks.
I've never been to an employment agency that has ever mentioned online safety. I wrote a CV in an ofice of one minor agency like the above and was told that everything was perfectly safe by the tutor in charge of the day course.
Nuts in May, or what.
While ever there are data that can be accessed for personal gain or pecuniary gain it will be accessed and yes, I too have encountered poor practices in publicly funded bodies regarding respect of data.
Sure, many organisations do have policies in place but these tend to be presented upon inspection and ignored in totality for the rest of the time. And as for forging signatures on official forms ... well 'nuff said?
Perhaps the data should be processed and managed offshore, far away in some other climes?
Chris Hatfield: "Debt collectors/baliffs must surely be tempted to abuse the system."
They dont have ANY access. So its not an issue.
Dave 3:"Public sector employees are paid more than private sector "
I get £1000/mth to take home for work that involves customer facing / telephone work being abused verbally, high importance decision making and apply complex legal rules and procedures. I earned double as a half arsed kitchen fitter.
It's not about pay the rules, they are very strict, there is random checking where you have to provide proof that you are entitled to be looking at a record, every acess is logged and checked for patterns, a form to be completed every time you mis-type a National Insurance number, and a whole DWP department that deals with "the great and the good" who are not visible to anyone else.
John 186: "Altering of databases to support a council's account of affairs or to protect incompetent individuals isn't rare"
We have read-only access to a limited number of screens.
Anonymous Coward:
#1"there is a difference between hacking/cracking and abusing the given access/authority" - agreed top marks.
#2"the bigger problem is when the staff *share* the things that they are *allowed* to look at" - We really dont have that much to look at that is of any interest or value to others. Tell me how knowing what type of Jobseekers Allowance or Income Support someone is on is valuable intel?
#3"124 incidents out of 140,000 staff"
Wrong, there are 60 staff with access in my department, assume it is an average for all councils, 245 councils giving 14,700. The slowest worker checks the DWP on average 10 times a day, times 230 days working on systems a year, thats 33,810,000 accesses of which 124 were "security breaches" what ever that means.
144 out of 33,810,000. You wish your company had an error rate that low.
You know that such comparisons mask the real reasons people are so protective of local authority jobs. Heck, they bring in babies at 18 months or less to get them on HR registers.
Other factors are or include:
+ great pension
+ absolute confidence that whatever one cocks up one is reassured that colleagues will do utmost in damage limitation
+ fear of litigation let's and justifies one doing anything
+ natural attraction to sociopathy in an encouraging environment
+ look at some of the contracts written and drawn up by UK local authorities such as care workers having to wait at least 12 months for mileage allowance. Heck! If a council worker had to wait 2 months for travel allowance there would probably be a strike call
I could go on but suspect you already know the other (hidden?) benefits including ring fenced income, someone on one income level doing the job of another on a much lower structured income level, bumped income in last few years at work to bump up final year salary/pension payments, ...
Truth is while politicians come and go the UK (un)civil servantry is here to stay.