Database problems...

Page may contain affiliate links. Please see terms for details.
I would say that there would be a very good case for civil action in the event that any loss or damage could be shown.

I think it is pretty amazing but not surprising.
 
Quite pleased we haven't registered my week old son yet :bannana:

I once picked up a large parcel (motorbike fairings) from Camden post office a couple of years ago. The guy behind the counter took me into the warehouse and the piles of stuff lying around was staggering... this was a normal working day no strikes or anything. Trolleys full of double beds, battered parcels etc.

The system seemed to work though - after 15 mins of talking to various drivers my parcel appeared from an adjoining warehouse.

I imagine the cd rom will turn up in a few years.



Ade
 
I would say that there would be a very good case for civil action in the event that any loss or damage could be shown.
They would claim Crown Immunity.
 
Is it just me or does the fact that a 'junior member of HMRC' has access to this level and volume of data not concern us?

Heads should roll. A lot of heads.
 
Is it just me or does the fact that a 'junior member of HMRC' has access to this level and volume of data not concern us?

Heads should roll. A lot of heads.

Having dealt with C&E around a year ago I was amazed at the level of information that a third party could extract from a spotty faced clerk just by asking.
 
The fact that it is on CD's means that it is not even encripted.
I remember a certain building society being fined £1M for 'losing' a laptop with unencripted data.
I wonder how much this will cost?

Sounds unlikely to have any encryption. For the life of my I can't work out why it wasn't electronically transfered.

It doesn't matter what it costs 'cos Joe Public ends up paying.
 
The fact that it is on CD's means that it is not even encripted.
I remember a certain building society being fined £1M for 'losing' a laptop with unencripted data.
I wonder how much this will cost?

My first thought was - they MUST have some level of software encryption... only a buffoon would post a transcript of such a confidential database in plain text...

Then I read some more... I'm shocked. Its amazing how much trouble people go through just to provide some security to a system, and then its all defeated by one moron...

</rant>

Michele
 
Not knowing what really happened (ie not believing a word the daily mail prints)

I really feel for the guy who sent it...
I'm sure they (tax office) have procedures for sending this sort of information - I do know the NAO always ask for raw data from government departments so this is a regular thing.
The chap was probably only following procedure and if he wasn't then he shouldn't be in a position where he could fook up so royally... I blame the management ! They should be responsible for his actions

sorry for ranting !
 
Not knowing what really happened (ie not believing a word the daily mail prints)

I really feel for the guy who sent it...
I'm sure they (tax office) have procedures for sending this sort of information - I do know the NAO always ask for raw data from government departments so this is a regular thing.
The chap was probably only following procedure and if he wasn't then he shouldn't be in a position where he could fook up so royally... I blame the management ! They should be responsible for his actions

sorry for ranting !

You can't say that - it may be that this person ignored what he was told - we simply don't know.

However, no one should be a scapegoat. Those responsible should be identified and then the appropriate action taken. If that is a junior officer ignoring his instructions, then he should face the penalty. If it was management ignoring the rules, then he/she/they should take the blame and penalty.

I know Paul Gray, he used to work here as head of Pensions Policy. He is a nice bloke and I think he has done the honourable thing - but can he be held to account for what an officer has done? I think he is accountable for the behaviours of his organisation and if it is poor management behaviours then he is culpable. If it is this individual's fault then it begs the question.

There is so much to this story that we will never know. There needs to be a full investigation to identify just what went wrong and where. Did NAO demand information they shouldn't along with many other questions need to be answered.

I don't actually think there is a real risk. The discs will be lying with some other lost TNT mail somewhere, or supporting someones coffee mug. But the fear factor is emmense and that all this information as able to be sent in one complete set has identified a huge security loophole that needs addressing.

I was gobsmacked when I heard a helpline was running - as you would expect - but that it was an at cost number - not freephone! Now that is rubbing salt into the wound.

Just my two penn'orth
 
You can't say that - it may be that this person ignored what he was told - we simply don't know.

However, no one should be a scapegoat. Those responsible should be identified and then the appropriate action taken. If that is a junior officer ignoring his instructions, then he should face the penalty. If it was management ignoring the rules, then he/she/they should take the blame and penalty.

I know Paul Gray, he used to work here as head of Pensions Policy. He is a nice bloke and I think he has done the honourable thing - but can he be held to account for what an officer has done? I think he is accountable for the behaviours of his organisation and if it is poor management behaviours then he is culpable. If it is this individual's fault then it begs the question.

There is so much to this story that we will never know. There needs to be a full investigation to identify just what went wrong and where. Did NAO demand information they shouldn't along with many other questions need to be answered.

I don't actually think there is a real risk. The discs will be lying with some other lost TNT mail somewhere, or supporting someones coffee mug. But the fear factor is emmense and that all this information as able to be sent in one complete set has identified a huge security loophole that needs addressing.

I was gobsmacked when I heard a helpline was running - as you would expect - but that it was an at cost number - not freephone! Now that is rubbing salt into the wound.

Just my two penn'orth

Nice bloke he may be but http://www.clickdocs.co.uk/glossary/vicarious-liability.htm
 
I was gobsmacked when I heard a helpline was running - as you would expect - but that it was an at cost number - not freephone! Now that is rubbing salt into the wound.

I wouldn't worry about people recieving a phone bill for this...they won't have any money left in their accounts to pay the bill.

And it would be a brave organisation that then went on to sue for the cost....
 
You can't say that - it may be that this person ignored what he was told - we simply don't know.

However, no one should be a scapegoat. Those responsible should be identified and then the appropriate action taken. If that is a junior officer ignoring his instructions, then he should face the penalty. If it was management ignoring the rules, then he/she/they should take the blame and penalty.

I know Paul Gray, he used to work here as head of Pensions Policy. He is a nice bloke and I think he has done the honourable thing - but can he be held to account for what an officer has done? I think he is accountable for the behaviours of his organisation and if it is poor management behaviours then he is culpable. If it is this individual's fault then it begs the question.

There is so much to this story that we will never know. There needs to be a full investigation to identify just what went wrong and where. Did NAO demand information they shouldn't along with many other questions need to be answered.

I don't actually think there is a real risk. The discs will be lying with some other lost TNT mail somewhere, or supporting someones coffee mug. But the fear factor is emmense and that all this information as able to be sent in one complete set has identified a huge security loophole that needs addressing.

I was gobsmacked when I heard a helpline was running - as you would expect - but that it was an at cost number - not freephone! Now that is rubbing salt into the wound.

Just my two penn'orth

It has to be a management failing as there shouldn't be the facility available to a junior operative to download unencrypted data without a higher level of authority. Many commercial enterprises apply such policies.

Even then it appears that the operative followed procedure and put the disks in the 'internal' post. Not really his issue if that is the normal method of transporting such files.

It appears as if the system doesn't have adequate security measures.

If I had the option of retiring on full pension with no loss of earnings I wouldn't be too bothered about failings within the organisation and falling on my sword. As it is I dont get that option, or even a pension come to think of it...:rolleyes:
 
It has to be a management failing as there shouldn't be the facility available to a junior operative to download unencrypted data without a higher level of authority. Many commercial enterprises apply such policies.

Even then it appears that the operative followed procedure and put the disks in the 'internal' post. Not really his issue if that is the normal method of transporting such files.

It appears as if the system doesn't have adequate security measures.

If I had the option of retiring on full pension with no loss of earnings I wouldn't be too bothered about failings within the organisation and falling on my sword. As it is I dont get that option, or even a pension come to think of it...:rolleyes:

But we don't know that he downloaded it and posted it. And again the word "if" comes up - but we don't "know".

Certainly putting disks in the internal post is normal practice - but not disks containing personal data. I know people who work with me who have had to personally deliver data to places like the NAO because they are not to be put in any postal system - internal or external.

If a management failing is found then yes Paul should go and probably others too. But the investiagtion to identify what went wrong and who is to blame needs to be done first without all the speculating and guessing games.
 
Certainly putting disks in the internal post is normal practice - but not disks containing personal data. I know people who work with me who have had to personally deliver data to places like the NAO because they are not to be put in any postal system - internal or external.

We follow that exact policy... If the data is confidential (be it encrypted or clear) it MUST be hand-delivered. I've spent a few journeys between our offices (which takes about an hour) just to get a hard drive with enrollment details - nothing too compromising...

Working in a school, I've gotten quite a few worried people here - lots of the teachers here have kids...

Looking at it from the bright side, by the time ID-card are implemented, they will already have had their teething problems and (hopefully) sorted out these issues...

Michele
 

Users who are viewing this thread

Back
Top Bottom