Council staff breach security of National ID database

26 February 2009

The Department of Work and Pensions (DWP) have admitted that 33 public sector workers across 30 local authorities have accessed the Customer Information System (CIS) “without business justification”.

CIS, which will assist in shaping the biometric-based national ID card programme, currently contains biographical information on the majority of UK citizens, including benefit recipients, pensioners and anyone holding a national insurance number. Since July 2008, CIS has also provided access to HMRC tax credit data.

The breaches, dating back to 2006, were discovered via routine checks, but it’s unknown whether the breaches were made through malicious intent or misuse.

The ‘Housing benefit and council tax benefit general information bulletin’ from 15 January issued by the DWP said that the organisation “will support your [local authority] to ensure appropriate disciplinary or prosecution action is taken, and may consider prosecuting directly under social security legislation.”

In spite of the breaches, the DWP remains positive about their standards, stating that, "The small number of breaches shows that the CIS security system is working and is protected by several different audit and monitoring controls, which actively manage and report attempts at unauthorised or inappropriate access."

“These latest breaches highlight the general inexperience of local authorities when dealing with large amounts of sensitive data,” commented Ken Munro, director at IT security specialist, Secure Test.

“Central government understands protective marking of sensitive data, and vets staff appropriately, while many local authorities are found wanting in this area. Access to data such as this must be purely on a need to know basis, and should be carefully logged and reviewed on a regular basis.

“It is an incredibly difficult process to work out why one operator should or shouldn’t be viewing a particular record. Far better to vet the individuals concerned, so there is a far greater degree of assurance that they won’t be tempted.”

He added that “In cases like this, legislation can act as a deterrent but it’s not prevention.”

Susan Hall, partner and ICT specialist at law firm Cobbetts, remarked that “Surely this must be the final nail in the coffin for the government’s national ID card programme. If council staff are able to snoop at our records so easily and undetected for so long, then how can an even larger and more complex database be safe? Indeed - who guards the guards?

“It has been reported that ‘routine checks’ unearthed these cases,” Hall continued, “but, if there are breaches dating back to 2006, then they are not proving very effective. Such negligence reinforces the need for custodial sentences for breaches of the Data Protection Act.”




 
