Govt loses MORE personal computer details...... Muppets

Discussion in 'Current Affairs' started by fly_past, Dec 11, 2007.

Welcome to the Navy Net aka Rum Ration

The UK's largest and busiest UNofficial RN website.

The heart of the site is the forum area, including:

  1. The thing that annoys me most is that if HMG was a private company and it had committed the same sort of errors in the past months as the Government has, it would be bankrupt.

    No company could get away with such huge fcukups and so much damage to it's reputation. The dodgy chocolate bar thing nearly did for Cadburys- and its a big company. (Tho we can thank the need to rebuild reputation for the gorilla playing Phil Collins). Merril Lynch saw its profits cut (it still made a profit, however) and it's chief exec was sacked.

    The Government loses 25m people's personal information, invests £40bn + of OUR money in Northern Rock, and then carries on as tho nothing has happened.

    It's enough to make you want to be French. That's how bad it is.
  2. I am no defender of the government but I d get a tad irritated when all cock-ups are laid at the door of the governement. Yes they are the government, but in this case Parcelforce lost the discs which were sent by yet another inept slippery servant in DVLA (who cannot be oblivious to the previous ballsup).

    There but for the grace of god go I.
  3. Unless I am mistaken the DVLA is part of the Govt?! :afro:
  4. As is Parcelfarce wholly opwned by the government :rendeer:
  5. Technically so is parcelforce.

    Notwithstanding that I'm sure everyone can think of instances when internal mail has got lost, even inside a single building.

    The issue is that the data on the CDs should be protected in case of loss, although it probably falls below the Manual of Protective Security (the parent of JSP 440) as being ''Not Protectively Marked''.
  6. These data should have been encrypted and only authorised data released, if permitted under the data protection legislation. Any charity trustee who processed data in this manner would now be serving time in prison. As these cases demonstrate, however, the problem is not the supposed misconduct of junior officials but the institutional failings of the systems that operate within government administration. The fault lies clearly at the top - amongst the policy makers who have failed to formulate and regulate policy initiatives to prevent this sort of thing arising. Any organisation that alows anyone other than the Data Complience Officer/Data Controller and her/his (named) team to disclose data is guilty of maladministration. The Heads of the Agencies/Government Departments involved should be dismissed for gross misconduct. However ultimate responsibility lies in two directions: the Head of the Home Civil Service and the Minister for the Civil Service - those responsible for systems policy and its implimentation. No wonder the PM tried attributing the blame to a junior official.
  7. As Karma points out this data would more than likely have been given a marking below Restricted. The new marking is Protect and is between NPM and Restricted. It normally covers 'In Confidence' material that does not need a national security marking.
    There is no requirement for encryption at these levels of protection.
    The Manual of Protective Security does not recognise aggregation of data 440 which we all know and love does (aggregation is the piecing together of lots of info of a low PM into something more damaging which should be better protected) . It therefore does not matter if you have 1 record or thousands. It can still be burnt to disk and popped in the post, the same as a document of the same Protective Marking.
    The Prole doing the leg work here did not do anything wrong, according to the book, in fact by sending it Parcelforce where it should have been tracked they went beyond the requirements.

    Onto thingys point, yes the situation needs reviewing and it needs to be done at the higher level. It needs to marry up the DPA requirements and the MoPS requriements into something cohesive. Suitable hardware/software should be provided to the staff to ensure protection of the data. This should happen in conjunction with training to ensure the lower echelons understand the new procedures and why they have been implemented.
  8. I'm still trying to get hold of a copy of the new version, most frustrating not to have access yet.
  9. Its just as frustrating if you have it.....well thought out as usual.

    PM me if you want more details


Share This Page