Government Departments have been trying to toughen up their procedures for protecting citizen’s personal data. This is in response to several incidents which demonstrated an extremely lax approach to data security (eg HM Revenue & Customs lost the personal records of over half the UK population).
So civil servants have now finally got the message that data security is one of their top priorities……right? Sadly, it appears not much has changed, even after all the public breast beating. How do we know? The following internal memorandum has been circulated to all staff at the Department of Work & Pensions:
Following the HMRC incident last November, increased security measures have been put in place for dealing with data transfers both clerically and electronically.
All staff should be aware of Security Notices 02/07 and 03/07 that were issued by the Departmental Security Team in December. This guidance covers data transfers and use of courier services. Information in these notices should be adhered to, in order for us to protect our customer information and the integrity of the Departments’ Security practices.
I have been advised of instances where password protected data has been sent out with the password being sent separately as detailed in Security Notice 02/07. However, once the data and the separate password are received, staff are then forwarding the data and password on together, this defeats the purpose of the security measure entirely.
Could I ask you to remind staff of the heightened security surrounding data transfer and ensure that data and passwords are sent separately.
So there you have it. Staff are forwarding citizen’s private data (mainly via CD) and putting the password to access the CD data in the same envelope.
It’s the stupidity of big government.
H/T Dizzy
0 responses so far ↓
There are no comments yet...Kick things off by filling out the form below.
Leave a Comment