IPS dismissed 14 over data protection The Identity and Passport Service has dismissed 14 people over the last three years, most for abusing access to the passport database. Of 16 cases where data protection was breached, all but one involved members of staff who had legitimate access to the Passport Application Support System database, and who used this for …
"IPS said it employs more than 4,000 staff, and the majority need access to personal data to carry out their work. "The fact that the systems IPS has in place have identified just 16 instances of unauthorised access over the past three years, and these resulted in 14 dismissals, is testament to the way in which the agency protects its data and the seriousness with which it views breaches," said a spokesperson."
Yes, but still, you will always have this 0.4 % of abuses per year, no matter what. From my records, it's an uncompressible percentage, and the bulk of personal info DB problem.
>> "The fact that the systems IPS has in place have identified just 16 instances of unauthorised access over the past three years, and these resulted in 14 dismissals, is testament to the way in which the agency protects its data and the seriousness with which it views breaches,"
An alternative view is that perhaps the dat protection processes are ineffective and this is just the tip of the iceberg.
The question is how many people weren't caught? 1? 10? 100? 1000? 4000?
No one knows. It may be there systems have got better and they should be congratulated for catching more people, it may be their staff have got thicker and are more likely to be caught or it may be their staff have realised the potential profit and are more likely to do it.
"..From my records, it's an uncompressible percentage,..."
What records are these?...if you can tell us without uncloaking your AC status.
I'd have thought that if you got rid of the 'type of person' who did this, by firing them, then you would reduce the number of incidents and hence the percentage?
More study is needed as to why they carried out an unauthorised access that was deemed so serious as to be a dismissal offense. If it was for criminal or fraudulent gain then getting rid of them would flush the system of undesirable types. If however the access was motivated by simple human curiosity then that cannot be removed from the system. We'll probably never know the details of the nature of these unauthorised accesses.
""The fact that the systems IPS has in place have identified just 16 instances of unauthorised access over the past three years, and these resulted in 14 dismissals, is testament to the way in which the agency protects its data...."
They need to learn that detecting only 16 instances does NOT mean that only 16 instances occurred. They, and all organisations, need independent oversight, checking and testing, carried out by an external organisation. This will not happen due to entrenched interests and arse covering political/power structures - same as it ever was and it will get worse.
obviously passports are necessary, and IPS must be commended for catching, doing something about, and publicising (at least some of) their bad apples, and it implies that at least have some kind of system for detecing this kind of abuse
nevertheless, this is why a joined-up identity system is a bad idea. regardless of whether or not you think it won't be open to abuse deliberately by the government, it _will_ be open to abuse by people taking backhanders to look up details on behalf on any number of shady folk
"The fact that the systems IPS has in place have identified just 16 instances of unauthorised access over the past three years, and these resulted in 14 dismissals, is testament to the way in which the agency protects its data and the seriousness with which it views breaches,"
Or it's a testament to the weakness of the IPS systems. Only 16 of 4,000 misused data?
BTW, a pedant would note that according to the second para. of the article, there were no instances of unauthorized access, only instances of unauthorized use. I'm not, so I won't.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
