back to article Council staff breach DWP database

The Department for Work and Pensions has disclosed that 124 council employees illicitly viewed personal data on its Customer Information System last year. A Freedom of Information request by GC News revealed that local authorities dismissed 26 employees during 2009-10 for breaching data security. The department's response …

COMMENTS

This topic is closed for new posts.
  1. Hollerith 1

    It hardly matters if private companies can't see it

    Given that its own staff bleed risk, it shirley is less than important that outside companies are more restricted int heir viewing rights. Horses, bolted, door, barn.

  2. xj25vm

    Confusing

    "It also disclosed that no private companies, other than its own IT service providers and those contracted by councils to deliver services, such as BT, are able to access the CIS. It stressed that private sector companies are only able to do so on a restricted basis."

    So, which one is it? No private company, or a whole bunch of IT suppliers (anybody knows how many are there) working with councils, or all private companies, but on a 'restricted' basis?

    1. Bambaaclaaaat

      not really confusing

      I don't know, xj25vm. Why not ask Kable from which the article is reproduced?

      1. Anonymous Coward
        Anonymous Coward

        My first IT job

        My first job at a major IT house was to replace a legacy pensions system - we had to clean up the data and move it onto the new platform. It was very common for data to be corrupted (due to the age of the old system and disagreements from satellite systems.) If we had "lost" a customer or their addresses didn't tally across systems, we sent their National Insurance number to the DSS and they sent us back their address, if they knew it, so that we could re-unite them with their pensions.

        (I never managed to get my head round how someone could forget that they had a pension, but there you have it.)

  3. Anonymous Coward
    Anonymous Coward

    Why am I not surprised?

    Access is granted to just a few, but there will always be the "I'll let my mate have a peek" types, or "I'll leave that logged on while I nip to the toilet" episodes. It doesn't matter how few people have authorised access, there will be ways for unauthorised people to get a glimpse. Human nature being what it is, people like to see what they are not allowed to see, and frequently, they will succeed.

  4. TkH11

    ContactPoint

    Makes you wonder just how many abuses there would have been of the ContactPoint database had that gone live when there are literally hundreds of thousands of authorised users.

    "Our staff are vetted and trained, they won't abuse the data in ContactPoint"..Yeah Yeah.

  5. kevin biswas
    Big Brother

    Tip of the iceberg.

    Dont they mean 124 council employees *known* to have illicitly viewed personal data ? Surely the ones who get caught will be the merest tip of the iceberg.

  6. pAnoNymous
    Big Brother

    Proles are Scum

    Labour always had the policy that the proles are scum and the operatics are all to be trusted (at least that's what it tolled them and the proles). Good days.

  7. Christopher W

    If BT can see it

    then they've already analysed everybody's profiles and are targeting them with 'relevant' ads.

    Given that some people may have accessed their own accounts, surely they can't be sacked for that? They have a right to see what information is held on themselves per the DPA... Or are they denied access to their own information? Glossing over the technicalities and ethics a little, but on the face of it that particular scenario seems a bit arse backwards.

    1. Ancient Oracle funkie

      There are some problems with your post. (Mine, I forgot the title!)

      > ... and are targeting them with 'relevant' ads.

      You know, I almost responded with a "don't be silly" but then realised it must have been typed in jest. Sometimes I take things very literally.

      However, when you say "They have a right to see what information is held on themselves per the DPA" I have to say, they probably do but only by applying to DWP, the owners of the data, and asking for it. I doubt very much that they would be allowed to just look it up themselves. Remember these are council employees given express permission by DWP to use CIS for a specific reason.

      Suggest we have a Pedant Alert icon!

  8. Justicesays
    Boffin

    Methodology, and confusing figures...

    So, in the article it switches from 124 Employees in the first sentence, to 124 breaches later, does that mean there were in fact 124 separate accesses, each by a separate employee? Or were there 24 employees investigated, who may have looked at any number of records each? Or were there 124 accesses, with some overlap in who did them?

    And one would assume that (most of) these employees were those caught be an audit process, i.e. they would have regular access to the database as part of their job role, but an audit of a random selection of accesses showed that in these cases they had no justification for looking at the records in question. This would mean that statistically, there could be a much larger number of breaches, a number which could easily be estimated if the percentage of audited transactions vs number of total transactions were known.

    This would be a useful figure to know and one would have thought another FOI request would have winged its way over about that.

This topic is closed for new posts.

Other stories you might like