ICO: Education ministry BROKE the Data Protection Act

I would love to know the detail of the mistake they made. I'm willing to bet it was something so elementary as to be utterly unreportable.

Someone really should have been fired for that, or at least properly punished (demotion, suspension, whatever). Remind me again how tolerant the government is when we in the real world break their rules?

Moreover, why on earth was the *Education* department trying to butt in on telecomms regulation in the first place? Presumably because the people who know what they're doing are at least bright enough not to swallow Perry's half-baked crock plans for censorship-by-default under the lie that this is "opt-in", so she had to shop around for another department incompetent enough to try...

"...limited amount of personal information being compromised"

Well they might have a point, I suppose, in relation to the contact details provided, but the breach was far more serious than that.

This problem potentially revealed confidential submissions (assuming that confidentiality was requested) and, depending on the nature of those submissions, they may have been particularly sensitive.

Worst for me, though, was the fact that people's submissions may have been edited by others (as I unfortunately did) and so their names may have gone against views that they did not hold.

It was an appalling error that really warrants serious censure, even if the ICO aren't up for it.

Building web pages for crisp packets

If its anything like a typical Gov IT 'Project', here's how it went:

Gov IT person to (incumbent) IT Services Supplier "hey, we want to do this, we'd like you to go away and, free-of-charge, come up with a project to deliver a web survey".

IT Supplier Account Manager(s) "quick, grab anyone around who may have 5 minutes free to knock up a shiny architecture pic & a Power Point - but don't take any time as you can't charge for it and don't bring in additional resources as...we can't pay for it".

10 days later...

Gov IT Person to Suppliers "hmm. Your all rubbish but this option which costs 27p & a packet of crisps looks ok"

IT Supplier Account Manager (thinks) "Brilliant, I can show I'm farming my customer & winning new Biz, only trouble is the Price I agreed will pay for about 4 hours (shared) of a team of 4....hmm, better cut back on the Web Dev, as I don't have one as part of the Account team at the moment".

....10 weeks later...

IT supplier Account Manager "of course we had no budget to do the necessary software life cycle, least of all an integration/test cycle after all - you don't get much more than a hapless junior for 30 minutes for a packet of Salt & Vinegar Walkers these days y'know"

Gov IT Person "Crickey! Ah well, shut it down: that was our last 27p and that pack of crisps was from my own lunch box - we're buggered until the new FY now"

All: "Now, what do we tell the Public?"

Yup. Been there, done that, got the broken mouse (what, you think someone can afford to give out T-shirts?!)

Wide concequences

Surely, given how many people reuse password, revealing both email addresses and passwords means that there is a good chance sensitive details have been made available indirectly or other serious harm could have occurred. If the password was for the email acount, or face book then you are almost certainly to find information on sexual orientation and quite possible religious views or health information.