‘A colossal error’

My goodness, what a mess. A junior civil servant in the unhappy liaison that is HMRC apparently showed a little too much initiative last month, and when asked by the Audit Office for the details of all the people in the UK receiving Child Benefit, he or she simply copied the information onto 2 discs and popped them in the internal post.

The only problem with the scenario is of course that the discs were lost in the post, so to speak, and the details of 25 million people are… well… missing. Names, addresses, dates of birth, children’s dates of birth and bank details. It’s been called almost everything, but I reserve the right to call it GUBU. Two things strike me above all else: are Gordon and Tony’s personal details missing, and how on earth did they get that many names on 2 discs? It is too early to say who will fall or when, but the first casualty was the Head of HMRC who fell on his sword last night. As an affected parent who intends closing down the bank account concerned, I have to say the whole affair truly beggars belief. I mean, have you ever tried to phone these people for details? They wouldn’t tell you the time of day without an authorisation in triplicate, yet they have shown a cavalier disregard for the Data Protection Act, as well as the 25 million unsuspecting citizens involved in the debacle. I don’t think we have heard the last of this yet, by a long shot.

UPDATE: Looks like the wags aren’t wasting any time with this one.

Cheers, Fraggle

  • ulsterfan

    This information is so valuable that the two discs will be found.
    The whole apparatus of the State will be thrown at the problem but the Government will have the impossible task of reassuring us that no damage was done and that something similar will never happen.
    The person holding the discs must be sweating.
    They are probably lying in a drawer or under a desk waiting to be found.
    Nothing sinister.

  • Newton Emerson

    Well of course the data got out – that’s the whole point of computers: making it easy to retrieve, copy and disseminate information.
    It’s bizarre that this government thinks of IT as a way of centralising and containing information instead – it reveals a secretive and autocratic mindset. It also reveals how much this government has been hoodwinked by cunning IT consultants.
    The classic example is the new NHS ‘spine’ – the dedicated network for sharing information between hospitals and GPs. What they could have done was give every GP and hospital a simple database package and told them to e-mail files on the (rare) occasions when they need to be transferred. But where’s the £12 billion contract in that?
    Then there’s the ID card scheme, the national DNA database, the biometric passport system – if any junior civil servant can burn this stuff off onto CDs at any time, how long do you think it will be before that gets out too?

  • Katinka

    Have you not heard the latest on the 6.30 ITV news? Apparently the Revenue only wanted the names and Nat Insurance numbers, but someone took the decision to send the lot because separating out the two items required would be too much trouble….it wasn’t a junior clerk that took that decision!

  • Miss Fitz

    If you read the first link Katinka, to the piece in the Times, you will see all of those details too. Must have been easier to copy the lot, rather than sort it all out.

  • Boff

    It’s not just the state that will be looking for them, can you imagine how valuable those disks would be to criminals/terrorists?

  • The Dubliner

    It’s amazing how straightforwardly the billions of pounds of taxpayer’s money that was invested in providing security for data is de facto squandered when some klutz puts the data into an envelope and entrusts it to Royal Mail. And yet, when your security system is so lax that a junior civil servant can access a vast amount of data, copy it, and egress it from the building…

    It makes you wonder how much other information has, like Elvis, left the building, either by accident or by design.

  • The Raven

    I hope that this very story unites us all against Government plans for ID cards. If it’s “digitize-able”, it’s steal-able. What a blunder. Perhaps something like this will be the death knell for the whole stupid scheme.

    Just a point on the issue of ID cards and biometric information. I am assuming that this biometric information system can be transferred into 1’s and 0’s like everything else? And if so, it can be pinched or nicked as easily as a Visa card’s details.

    And if someone manages to steal your biometric info….would you ever be “you” again…?

    Just a slightly off-topic ramble.

  • Miss Fitz

    Dubliner
    Don’t want to interfere in the thread, but just to point out it was a courier, not Royal Mail that should have carried the package. TNT are adamant that they did not mislay the package, and said that they have systems for carrying important items. These details were obviously not deemed all that important! A case of familiarity breeding contempt perhaps?
    While not ruling out the idiot factor, I think that the possibility of a malicious outcome is not one to be dismissed at this point either.

  • Comrade Stalin

    By the sound of this, this is a regular, standard occurrence within several departments, not just HMRC. It sounds to me as if the civil service does not have any internal rules governing the duplication of data and the basic security measures to be observed when it is to be transmitted. What is interesting is that the recipients of the data did not raise formal complaints with the government when they received CD-ROMs by unregistered post.

    There are some more silly things being trotted out in the media right now. People are asking “how on earth could he access all this information ?”. To me this isn’t very surprising, it was probably a requirement of the guy’s job to be able to access it. I used to work in a bank, and there are thousands of people working there who have access to everyone’s financial details, going back decades – they need this in order to do their job. Likewise, the receptionists working in a doctor’s surgery have to have access to everyone’s medical records. All the staff working down at the Inland Revenue offices in Belfast will be able to look up the details of anyone living/working in the UK. Organizations like these *should* have controls which log accesses to data, which can then be independently audited to identify any staff members who are accessing data in a way which is clearly beyond the requirements of their job. I had assumed the government already did this, but I guess they’ll be putting together plans to implement it now.

    Listening to this on News 24 it sounds like the government are trying to feed the media with the line that this was a junior clerk performing an unauthorized transaction. I find this to be extremely difficult to believe – why would someone knowingly risk their career in this way ? I suspect that the chap at the centre of this was doing what he and his colleagues have always done, and that his line managers were well aware of it and indeed probably instructed him in the procedures that he has used. I’d say they’ve been burning and posting CD-ROMs in this way for years, and that this isn’t the first time one has gone missing.

    The NHS IT contract is regarded as a joke within the IT industry, perhaps except for those IT subcontracting houses who are making a very large packet from it. That project started when Bill Gates visited dear old Tone at #10 one day and told him about how computers could make the NHS better. Blair bought it. IT projects are supposed to start out with a clear and well-defined set of requirements. The requirements on the NHS project are unclear, except for the “let’s spend lots of money on shiny new computers, as this will be good”. This government appears to have a strong tendency to meddle in things in the belief that something which is already working perfectly well can be improved through their tinkering.

    I would point out also that even if the CDROMs are recovered, there’s no way to know whether or not they have been duplicated. One CD-ROM can be duplicated within five minutes.

  • kensei

    “The classic example is the new NHS ‘spine’ – the dedicated network for sharing information between hospitals and GPs. What they could have done was give every GP and hospital a simple database package and told them to e-mail files on the (rare) occasions when they need to be transferred. But where’s the £12 billion contract in that? ”

    No Newton, this is an absolutely appalling idea. In the five seconds off the top of my head: Who’s going to set up the database schema? What if it needs to change, how is that change going to get pushed out to thousands of separate systems? Who’s supporting it? Databases don’t have the appropriate user interfaces required – the assumption all Doctors are computer literate is a false one. What if the files are corrupted, deleted or lost? What if someone can’t be contacted and there is an urgent need for a medical history?

    Government IT projects are undoubtedly gold plated and have ridiculous contract terms – if our software is of poor quality we get absolutely hammered by the customer and financial penalty. But that doesn’t negate the underlying complexity of a lot of the problems, and saying “Well, just use Access” won’t fix it. There are probably a handful of companies that can take on custom software for the NHS – that’s why they get such good terms.

    As for pulling out a subset of data from a larger set, if this was stored in a database it’s trivial, and 25 million records in a flat file seems like complete madness.

  • Fraggle
  • joeCanuck

    Loved it, Fraggle. I’m still chuckling.

  • I Wonder

    Something that’s perhaps unavoidable when, due to cutbacks, you flood a govt. office with temp. and agency staff who are utterly demotivated, unfamiliar with established procedures and spend their afternoons looking for other work.

    Thus is the professionalism of the public service undermined and diluted.

  • mnob

    Kensei – you are undoubtedly right – but the point is that the complexity comes from the top – a centralising controlling government that sees complex IT systems as a way of organising the masses so creates systems so complex that no one understands them – they get bypassed a lot – and fiascos like this are guaranteed.

    The problem is not with the IT companies or civil servants.

    Garbage in – garbage out.

  • The Dubliner

    If you look at the case of the Irish woman, Dolores McNamara, who won €115m in the EuroMillions lottery, you’ll see that the problem of privacy invasion, both deliberate and accidental, by civil servants isn’t limited to the UK.

    Despite a policy being in place that staff should only access records on a need-to-know basis, it is apparent that there is widespread access of confidential data on a whimsical want-to-know basis. A culture exists in which the right to privacy is not taken seriously by government departments.

    As The Sunday Times reported:

    “An investigation by the Revenue Commissioners has found that 28 members of its staff looked up McNamara’s tax records after her lottery win, even though they had no reason for doing so.

    No disciplinary action has been imposed but the offenders have been issued with warning letters telling them not to do it again. They have also been alerted to the potential consequences of ignoring the advice.

    A second and much larger inquiry into similar activity is still continuing in the Department of Social and Family Affairs where 125 civil servants have been asked to explain why they called up McNamara’s welfare and benefits details. The inquiry is due to be completed in late February.”

    Clearly, there needs to be a culture where privacy is taken very seriously, and where all invasions of it are punished without exceptions – up to a criminal offence level. In addition, there needs to be a system put in place that either prevents unauthorised access of records or that monitors access for irregular behaviour.

    Even small and medium sized businesses that spend very little on security know that confidential information, such as customer accounts, plans, etc, is never to be accessed on any computer that allows copies to be made of discs or allows data to be transferred via other methods such as USB Zip, Bluetooth devices, etc. Yet a supposedly security conscious government department allows three major infringements of its security to occur: access of all records, copying of all records, and a means by which the data can leave the secure area. If it is that easy, then it’s safe to assume that no information in a government department is secure… and that everything your government knows about you is also known by the Chinese, the Russians, and any other espionage agency who wants to know it.
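
Comrade Stalin’s point above that access to records should be logged and independently audited, and The Dubliner’s Revenue Commissioners case in which 28 staff looked up one person’s records with no reason to, both come down to the same thing: detection logic run over an access log. The script below is an added example and is not part of the original post or of any comment. It runs two checks over a constructed access log (every timestamp, user ID and record ID is invented): a need-to-know check that flags a lookup when the user has no open case on that record, and a hot-record check that flags a record viewed by several distinct users within a short window, the pattern of a newsworthy person’s file being opened out of curiosity. The log format, the case-assignment table and the thresholds are assumptions made for the example.

```python
"""Audit detection over a constructed record-access log.

Two checks a tax or benefits system could run over its own access log:
  1. need-to-know: an access is suspect when the user has no open case
     that references the record they viewed;
  2. hot record: a record viewed by many distinct users within a short
     window (dozens of staff opening one newsworthy person's file).
All identifiers and timestamps below are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed access log, one event per line: "<ISO timestamp> <user> <record> <action>"
SAMPLE_LOG = """\
2007-11-20T09:01:12 clerk01 R1001 view
2007-11-20T09:02:40 clerk01 R1002 view
2007-11-20T09:05:03 clerk02 R1002 view
2007-11-20T09:06:55 clerk03 R7777 view
2007-11-20T09:07:10 clerk04 R7777 view
2007-11-20T09:07:31 clerk05 R7777 view
2007-11-20T09:08:02 clerk06 R7777 view
2007-11-20T14:30:00 clerk02 R1003 view
"""

# Constructed case assignments: the records each user has a legitimate
# reason to open. In a real system this would come from the case-management
# database, not a hard-coded table.
ASSIGNMENTS = {
    "clerk01": {"R1001", "R1002"},
    "clerk02": {"R1002"},
    "clerk03": {"R7777"},   # clerk03 is genuinely working this record
    "clerk04": set(),
    "clerk05": set(),
    "clerk06": set(),
}


def parse_log(text):
    """Parse the constructed log format into (timestamp, user, record, action) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, record, action = line.split()
        events.append((datetime.fromisoformat(ts), user, record, action))
    return events


def need_to_know_violations(events, assignments):
    """Return (user, record) pairs, in log order, where the user had no case on the record."""
    return [(u, r) for _, u, r, _ in events if r not in assignments.get(u, set())]


def hot_records(events, min_users=3, window=timedelta(minutes=10)):
    """Return {record: sorted users} for records viewed by >= min_users distinct
    users inside any window of the given length. The record is flagged for
    review as a whole; individual culpability is decided afterwards."""
    by_record = defaultdict(list)
    for ts, u, r, _ in events:
        by_record[r].append((ts, u))
    flagged = {}
    for r, views in by_record.items():
        views.sort()  # chronological; tuples sort by timestamp first
        for i in range(len(views)):
            start = views[i][0]
            users = {u for ts, u in views[i:] if ts - start <= window}
            if len(users) >= min_users:
                flagged[r] = sorted(users)
                break
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("need-to-know violations:", need_to_know_violations(evs, ASSIGNMENTS))
    print("hot records:", hot_records(evs))
```

Note that the hot-record check flags clerk03 along with the others even though clerk03 has a case on R7777; that is deliberate, because the signal is the record being pulled by many people at once, and the case table is what then separates the legitimate viewer from the curious ones. Both checks depend on the access log itself being append-only and out of reach of the people it records.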

  • kensei

    “Kensei – you are undoubtedly right – but the point is that the complexity comes from the top – a centralising controlling government that sees complex IT systems as a way of organising the masses so creates systems so complex that no one understands them – they get bypassed a lot – and fiascos like this are guaranteed.

    The problem is not with the IT companies or civil servants.

    Garbage in – garbage out”

    I have no doubt the requirements being handed down leave a lot to be desired. But actually, sometimes centralisation of data isn’t a bad idea and if you could get a system that hooks up all that data there are potentially a lot of productivity gains, and once you have it there is scope for improvements and innovation.

    Here is one idea, also off the top of my head. You could set a program up to trawl through the medical records of people looking for people with very high risk factors for breast cancer, (or any other disease), and get it to post them a letter suggesting they book a screening.

    Software companies often have to deal with poor requirements and poor lines of authority. It increases risk, but doesn’t mean that bad software must follow. In fact decent software companies should be helping nail the requirements, and consulting firms definitely should. The problem is the contracts handed out that would not be tolerated by the private sector, and insufficient penalties for screw ups.

  • Wee slabber

    Whatever happened to integrated network systems? Do Microsoft, Oracle, or any other decent size, multi-site companies send data by disk? I doubt it. The UK Govt’s system sounds stone-age.

  • mnob

    I have to say Kensei I am opposed to centralisation and control on a number of fundamental levels – only one of which is the government’s unrealistic views on how IT can improve efficiency.

    An example I would have is speed cameras – very efficient use of IT – very good at catching speeders – but accident rates have continued to climb – and lazy police forces are using these to up their ‘success’ rates and missing drunk drivers, drugged drivers, drivers without insurance, unlicensed drivers …

    In every single instance I can think of government metrics are actually making life worse – e.g. young people are discouraged from doing science at school because it is difficult and will make the school’s metrics look bad. Therefore we have a looming shortage of scientists and engineers. If you can’t get the metrics right the IT system will be cr*p too.

    The breast cancer idea you have – how about your local GP (or nurse) looks at your file whenever you are in getting a smear test done and has a word with you (assuming you’re a woman of course) if you are at high risk. No complex IT system required.

    Yet in your last line you say the problem is the contracts which are handed out. Who creates the contracts ?

  • Nevin

    “In fact decent software companies should be helping nail the requirements, and consulting firms definitely should.”

    EDS: HMRC and JPA

    Oh, and this week’s Private Eye named the senior RAF Officer Tom mentioned earlier this month who took up a seat on the EDS Defence Advisory Board in March. It was the former vice-chief of Defence Staff, Air Chief Marshal Sir Anthony Bagnall.

    Hmmmmm. Should we be looking at something similar happening here? Water service?

  • kensei

    “I have to say Kensei I am opposed to centralisation and control on a number of fundamental levels – only one of which is the government’s unrealistic views on how IT can improve efficiency.”

    The problem is the centralisation of data – be it criminal records, health records etc. All of those, in themselves, are good things. The power and the danger comes from the ability to link all that information together and cross reference everything.

    I’m not entirely sure it can be avoided, but it can be made harder.

    “An example I would have is speed cameras – very efficient use of IT – very good at catching speeders – but accident rates have contiued to climb – and lazy police forces are using these to up their ‘success’ rates and missing drunk drivers, drugged drivers, drivers without insurance, unlicensed drivers …”

    Don’t speed.

    Second, the fact that the police don’t do their job is irrelevant to the fact that speed cameras are good at what they do. And it isn’t really a large centralised system in the same sense.

    “In every single instance I can think of government metrics are actually making life worse – e.g. young people are discouraged from doing science at school because it is difficult and will make the school’s metrics look bad. Therefore we have a looming shortage of scientists and engineers. If you can’t get the metrics right the IT system will be cr*p too.”

    No, we have a shortage of scientists and engineers because the subjects are perceived as “hard”, and science and engineering jobs don’t pay well enough in comparison. The test results are largely irrelevant – the grades required by the unis drop to attract students to unpopular courses.

    “The breast cancer idea you have – how about your local GP (or nurse) looks at your file whenever you are in getting a smear test done and has a word with you (assuming your a woman of course) if you are at high risk. No complex IT system required.”

    I know, why don’t we do every single calculation by hand? Oh wait, it’s totally impractical, infeasible and error prone. Doctors couldn’t cover the volume.

    “Yet in your last line you say the problem is the contracts which are handed out. Who creates the contracts ?”

    Oh, the government doesn’t get off the hook. But it’s a problem common almost everywhere, and it’s not just as simple as blaming them.

  • Newton Emerson

    Kensei, you’re falling for the megaproject myth.
    There is no need to build big systems from the top down. Take the health system – there’s a huge mature market for standalone desktop medical record apps in the US. Over the past two years the insurance companies have demanded standardised interfaces and database schema for processing Medicare claims. The software industry has introduced a standard, EMR, which most packages have now been rewritten to meet.
    No need for £12 billion of fibre-optic cables. No need for insurance companies either – the NHS could have set the specifications here from the outset. This would have led to a much more stable and secure distributed system than the centralised system now underway.
    I realise it’s not as simple as saying “just use Access” but it’s nearly as simple as saying “just use Access”. The complexity, cost and vulnerability of Connecting for Health is a total abomination.

  • kensei

    Newton,

    It depends what you mean by “distributed”. Several thousand separate standalone applications is not a distributed system. It’s several thousand standalone applications. Can they share and search each other’s data? Then you have a distributed system. But you almost certainly need those fibre optic cables and some decent encryption to ensure sufficient security for the medical records.

    I agree that US expertise should be leveraged, and I’m certain there are better and cheaper solutions out there. But it isn’t just Governments that spend huge sums of money on IT systems, because there are productivity gains and the like to be made.

    Even the deployment of a single standalone application across the entire country is a complex task. So, no, it’s nowhere near “just use Access”.

  • Newton Emerson

    What if you don’t want them to share and search each other’s data?
    The case for medical research is a good one but it wouldn’t require more than an e-mail sent out and replies sent back.
    The need for actual files to be passed around is generally restricted to within hospitals (which could be done securely on the internal system) or between GPs and hospitals, which could be done by encrypted e-mail. There is no need for that dedicated fibre-optic network. The entire country can already watch streaming TV down a copper phone line. Medical records are not large files.

  • ulsterexile

    Wags? You’d think that the England football team’s Wives and Girlfriends would have better things to do today, like consoling their partners after last night’s lacklustre performance, than mess about on eBay.

  • eranu

    love that ad ! somebody is certainly earning their marketing salary.

    “Apparently the Revenue only wanted the names and Nat Insurance numbers, but someone took the decision to send the lot because separating out the two items required would be too much trouble”

    I just can’t believe this story. Anyone who works with database packages knows that if you only want a few fields of data you just run a query to output those fields from the database. Output it to a file and mail it off. It’s a bog standard simple function of any database package, 2 mins work. You would never copy the entire database file.
    Maybe it’s just because I’ve recently watched Die Hard 4, but I would laugh if this was the first cyber bank raid and millions of people’s bank accounts were emptied, right about…….. NOW!
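
eranu’s point, and Katinka’s report that only names and National Insurance numbers were asked for, is that a database lets you hand over exactly the requested fields and nothing else. The script below is an added example, not code from the original post or from any commenter. It builds a constructed Child Benefit table in SQLite (every name, NI number, address, date of birth and bank detail is invented) and puts the “copy the lot” dump beside an extract that selects only the two requested columns. The table name, column names and the CSV output format are assumptions made for the example; the column whitelist is there so that a caller cannot widen the extract, or inject SQL, through the field list.

```python
"""Pulling only the requested fields instead of dumping the whole table.

Constructed example: a tiny Child Benefit table in an in-memory SQLite
database. `full_dump` is the "copy the lot" approach (every column,
bank details included); `audit_extract` returns only the columns the
requester asked for and refuses any column not present in the schema.
The schema and every row are invented for this example.
"""
import csv
import io
import sqlite3

SCHEMA = """
CREATE TABLE child_benefit (
    claimant_name TEXT,
    ni_number     TEXT,
    address       TEXT,
    dob           TEXT,
    child_dob     TEXT,
    sort_code     TEXT,
    account_no    TEXT
);
"""

# Constructed rows. The NI numbers use the QQ prefix, which is never issued,
# and the bank details are obvious placeholders.
ROWS = [
    ("A Claimant", "QQ123456C", "1 High St", "1975-02-01", "2004-05-06", "00-00-00", "00000001"),
    ("B Claimant", "QQ234567C", "2 High St", "1980-03-02", "2006-07-08", "00-00-00", "00000002"),
]


def build_db():
    """Create the in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO child_benefit VALUES (?,?,?,?,?,?,?)", ROWS)
    return conn


def _to_csv(cursor):
    """Serialise a result set as CSV with a header row taken from the cursor."""
    out = io.StringIO()
    w = csv.writer(out)
    w.writerow([d[0] for d in cursor.description])
    w.writerows(cursor.fetchall())
    return out.getvalue()


def full_dump(conn):
    """What "copy the lot" amounts to: every column, including bank details."""
    return _to_csv(conn.execute("SELECT * FROM child_benefit"))


def audit_extract(conn, fields=("claimant_name", "ni_number")):
    """Return only the requested columns.

    The field list is checked against the table's own schema before it is
    interpolated into the query, so a caller can neither add columns that
    were not requested nor smuggle SQL in through a field name.
    """
    allowed = {row[1] for row in conn.execute("PRAGMA table_info(child_benefit)")}
    bad = set(fields) - allowed
    if bad:
        raise ValueError(f"unknown fields: {sorted(bad)}")
    cols = ", ".join(fields)  # safe: every name was just whitelisted
    return _to_csv(conn.execute(f"SELECT {cols} FROM child_benefit"))


def csv_columns(text):
    """Header row of a CSV string, as a list of column names."""
    return next(csv.reader(io.StringIO(text)))


if __name__ == "__main__":
    db = build_db()
    print("--- full dump (what was sent) ---")
    print(full_dump(db))
    print("--- audit extract (what was asked for) ---")
    print(audit_extract(db))
```

The extract is one SELECT with a column list; the difference between the two functions is the whole of the data-minimisation argument. Whether the file that leaves the building is the two-column one or the seven-column one is a query, not an engineering project.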

  • kensei

    “What if you don’t want them to share and search each other’s data?”

    Then you forfeit all the possible applications of that. To repeat:

    It isn’t just Governments that spend huge sums of money on IT systems, because there are productivity gains and the like to be made.

    If you are willing to sacrifice that, or have problems on an ideological level, then that’s fine. but it’s a separate argument.

    “The case for medical research is a good one but it wouldn’t require more than an e-mail sent out and replies sent back.”

    Complete ignorance. Having the data set available encourages research, in a way that simply would not happen when a Doctor has to respond to every request individually.

    And what I actually suggested was a way to potentially improve patient care.

    “The need for actual files to be passed around is generally restricted to within hospitals (which could be done securely on the internal system) or between GPs and hospitals, which could be done by encrypted e-mail. There is no need for that dedicated fibre-optic network. The entire country can already watch streaming TV down a copper phone line. Medical records are not large files.”

    I certainly wouldn’t like my medical records passed on the open internet. Attacks on encryption algorithms only get stronger over time.

    Simply – if it shouldn’t be passed about in the post, even encrypted, it shouldn’t be passed about on the open internet.

  • Quaysider

    I think it’s time somebody here declared their interests. 🙂

  • Suilven

    ‘Having the data set available encourages research, in a way that simply would not happen when a Doctor has to respond to every request individually.’

    It also drives a coach and horses through doctor-patient confidentiality, though, if not handled properly.

  • kensei

    I work in IT, far, far from Government.

    I don’t particularly like either side.

  • kensei

    “It also drives a coach and horses through doctor-patient confidentiality, though, if not handled properly.”

    True. But there is absolutely no need for them to know anything that could possibly relate medical records to a real person.

    There are certainly ways of doing it that maintain anonymity, but there is always risk. But it’s a separate question to cost.

  • Suilven

    ‘But there is absolutely no need for them to know anything that could possibly relate medical records to a real person.’

    In theory, yes. But it’s here we come full circle to the case at hand…

  • As Tic

    “An example I would have is speed cameras – very efficient use of IT – very good at catching speeders”

    50 to 55% of number plates capable of being identified with the others ignored?

  • kensei

    And as a little aside from the New York Times – a suggestion on how to lower massive US Health care costs:

    “Information Technologies. The American health care system lags well behind other sectors of the economy — and behind foreign medical systems — in adopting computers, electronic health records and information-sharing technologies that can greatly boost productivity. There is little doubt that widespread computerization could greatly reduce the paperwork burden on doctors and hospitals, head off medication errors, and reduce the costly repetition of diagnostic tests as patients move from one doctor to another. Without an infusion of capital, the transition from paper records is not apt to happen very quickly”

    http://www.nytimes.com/2007/11/25/opinion/25sun1.html?pagewanted=2&ref=opinion

  • Dread Cthulhu

    kensei: “There is little doubt that widespread computerization could greatly reduce the paperwork burden on doctors and hospitals, head off medication errors, and reduce the costly repetition of diagnostic tests as patients move from one doctor to another. Without an infusion of capital, the transition from paper records is not apt to happen very quickly”

    Ah, but there is the small matter of current regulation, kensei. It is far easier to control paper than it is electronic files of the variety lost in the story above. In fact, there are a number of disincentives, in the form of what I can only call “truncated utility” – the potential usefulness exists, but it is prevented through security regulation.

    FACT: It is against regulation to e-mail or otherwise electronically transmit documents containing Health Insurance Numbers, even where the sender and recipient are entitled to that information.

    Part of this is, no doubt, fueled by some branches of the US gov’t to adopt technology — there are some software packages still mandated that more or less require one museum-piece “286” DOS computer be maintained to run them, mainly b/c the artifact of a bureaucrat doesn’t want to deal with change, so it won’t change until he’s promoted, transferred, retired or he dies.

    The other part is that fraud is profitable. There are areas where a body dares not drop a HIC number, lest it be used fraudulently twice before it hits the ground — Florida comes to mind, but there are others.

  • kensei

    Are you actually arguing for more regulation there Dread O_o?

    There are any number of possible solutions to the problem – the most straightforward one is a VPN combined with some serious encryption and I’m sure smarter people could come up with a lot better. Regulation can be used to ensure it is done, rather than banning it.

    I think the point was more along the lines of – there are cost and productivity benefits to going down that road, as well as risks.