An abridged version of this appeared in the Guardian newspaper’s letters page today
As chance would have it a major EU-sponsored conference on privacy, identity and technology was taking place in central London yesterday, as news broke of the UK’s tax CD-ROM fiasco. I was one of a hundred or so experts from across Europe from a wide variety of technology, research, and legal backgrounds who were debating these issues.
Whilst the discussion at the conference raised many pertinent points about technology and data protection, mainstream news reporting has centred on whether cost cutting within HMRC is to blame. Personally, I find this rather disappointing. No doubt this is great fun for political point scoring, but basic data protection measures cost little if any money, in terms of staff time (which is where the debate has focused), to implement.
For example, why was even the most simple data encryption not undertaken? Why in the age of the Internet and highly secure Government data networks are CD-ROMs flying about between different parts of the public sector. Sending a disc by TNT post surely costs more than using a data network.
It should also be borne in mind that none of this is new. As Jonathan Bamford, from the Office of the Information Commissioner, pointed out in his speech to the conference, the data protection framework that is supposed protect citizens’ private data in ICT systems has been in place for twenty years. I think that in the Tax CD-ROM case there seems to be some evidence that this was ignored, possibly with the knowledge of senior managers.
All of this means that there is a pressing need to address the lack of public confidence in the Government’s ability to protect our personal data. Jonathan Bamford made reference to the latest survey undertaken by the Office of Information. This shows that protection of personal information was ranked, by the general public, as their second highest concern—just below fear of crime. This survey was taken before yesterday’s events and placed privacy concerns above worries about the health and education systems.
Data protection of citizen’s information should be hardwired into the DNA of government departments and agencies. It clearly is not, judging from this case. Until it is there should be no more talk of a national ID system.
Tags: CD-ROM, HMRC, national ID, privacy
Tech Lunch 
November 27, 2007 at 10:51 am |
Speaking as a parent of 3 bonny children and as a recipient of working tax credit I find the whole thing slightly funny. I was reassured that any loss I may incur would be covered by my bank. Question is who covers my bank? If this were an outfit like Experian rather than the Tax Office there would have been a charge of criminal negligence by now. Is this a question of one rule for one and another for another?
On a slightly side note, I must be one of the most secure folks in the UK financially at the moment. My bank is covered against identity fraud courtesy of missing data discs and my mortgage is underwritten by the Bank of England courtesy of the Northern Rock fiasco. All I need is a guarantee of a job for life with big fat pension and I’ll have it made 😉
December 6, 2007 at 10:01 am |
[…] the European Union’s Privacy Conference (which I mentioned last week) I was involved – for the first time – in a roundtable discussion which was also featured […]