A perfect example of an acute case of blurry thinking happened in the UK in October to November 2007.
Lost Database fiasco
On 18th October, the entire child benefit database of 25 million names was sent from Revenue and Customs Department, via internal mail by a junior official from HMRC in Washington, Tyne and Wear, to the audit office in London via courier TNT on 18 October.
Alistair Darling, the Chancellor of the Exchequer said the civil servant had broken the rules by downloading the data to disc and sending it by unrecorded delivery.
Bosses at the Revenue were not told about what had happened until 8 November and Mr Darling and Mr Brown learned about the situation on 10 November.
The officials involved waited before informing their superiors in the hope that the discs would be found.
The Metropolitan Police is leading the search for the discs, and the Independent Police Complaints Commission, which oversees the HMRC, is investigating the security breach.
The whole story was disclosed by the UK media around the 18th November, a month after the loss took place, amongst claims that the personal information on the discs is enough for criminals to steal goods and money worth "hundreds of millions of pounds."
Incompetence
This mess clearly demonstrates that governments, in any country, do not seem to be capable of dealing with any computers systems, except maybe a few PCs for their staff to send a few emails and the inevitable jokes to their colleagues.
This debacle confirms the suspicion that government agents are often careless, incompetent, clueless and guilty of blurry thinking. Whilst the government wages a campaign to urge citizens to protect their data against identity theft and the like, they themselves loose whole databases: pathetic. At the same time, banks who join the campaign leave personal data of their clients in outside rubbish bags where any thief can rummage and find information.
The public has lost confidence in the ability of the government to protect them or even to carry out the most simple processes, procedures and tasks.
Back up
Hopefully, the lost discs constitute only a copy of the database.
If not, the big question would be: how come that the department did not even think of making safety backups on disks, tapes, whatever, kept in a different secure fireproof location. This basic safety measure is taken by most responsible private companies. It is simple common sense and basic procedure, that even beginners would start on their first days working with any computer system.
The mind boggles!
This sad story is a perfect demonstration of how fragile digital information has become; how easily it can be damaged, deleted, lost, tampered with,or stolen.
Lessons
- never let incompetent people anywhere near information systems;
- when moving data, move bytes, not physical storage; and use secure procedures;
- whatever you do, have a strong back up process in place at all times, at all cost!
