From : Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing. The Child Benefit data on them include name, address, date of birth, National Insurance number and, where relevant, bank details of 25m people.
Reaction from blogs has been swift and mostly unforgiving. Professor Ross Anderson a leading security expert writing in the says:
It鈥檚 surely clear by now that the whole public-sector computer-security establishment is no longer fit for purpose. The next government should replace CESG with a civilian agency staffed by competent people. Ministers need much better advice than they鈥檙e currently getting.
The :
Why was one junior civil servant allowed to have access to download the full database, when the National Audit Office didn't even request all of that data, only a small sample for audit purposes e.g. a dozen records ?
of the consequences:
UK banks could be forced to close the accounts of all child benefit claimants affected by an HMRC 鈥渙perational failure鈥 that resulted in the loss of 25 million records stored on discs, a Gartner analyst has warned.
The notes that this isn't the first problem to have recently affected the Government:
Central government doesn't seem to be having much luck complying with its data protection obligations at the moment. , the Treasury [actually the Foreign Office] has recently had to give undertakings to the ICO that it will comply with the Data Protection Act following an incident involving disclosure of personal data on a visa applications website. In the 大象传媒 report on the current issue, the ICO says it is already investigating two incidents involving the Treasury.
UPDATE: Oh the irony. Just noticed this. At the there's an interview with a person described as the "HMRC Chief Executive" talking about the need to celebrate success..
UPDATEII: And some wag has put a