Thursday, November 22, 2007

I Don't Get It.

This data protection scandal has left me confused about even more things than usual. First of all why is it Alastair Darling who is being blamed when the lax security procedures were clearly in place before he took over, shouldn't the blame be laid at the feet of Gordon Brown? Secondly why on earth did the government lie and claim that the disks were sent by a junior official rather than a senior official as appears to be the case? Surely if junior staff members had easy access to the personal details and bank details of 25 million people as a matter of routine then that is even worse than a one off blunder by a senior official.


Surreptitious Evil said...

You have a distinction between the official who approved the process (apparently now reasonably senior and the approval copied to a very senior one), the ID dept guy who cut the disks and the minion who actually put them in the post (who may be the IT guy.)

If you believe that relatively junior IT people don't have access to huge amounts of data, through "back-office" systems, in anything other than the most paranoidly configured operations, you are in for a shock. Normally, for example in banking, they can access the data (for backups, generating business intelligence reports, etc) but generally cannot access the operations front-end, containing the payments or similar applications necessary to directly abuse it.

As this issue has come directly from a matter of back-office access rather than operational abuse, some of that sort of control would not be relevant.

I would assume that the call-centre person we all deal with when we have a tax problem will have a different and heavily restricted interface rather than, say, the ability to run direct SQL commands.

Ross said...

Thanks for the reply.