Myreader.co.uk  
uk news, chat and community
   home   |   control panel login   |   archive   |  
 
misc
announce
answers
consultants
d-i-y
environment
environment.conservation
gov.agency.csa
gov.local
gov.social-security
gov.social-work
misc
philosophy.atheism
philosophy.humanism
philosophy.misc
radio.amateur
railway
sci.astronomy
sci.med.nursing
sci.med.pharmacy
sci.misc
sci.weather
singles
telecom
telecom.broadband
telecom.mobile
telecom.voip
test
transport
transport.air
transport.buses
transport.ferry
transport.london
transport.ride-sharing
  
 
date: Wed, 21 Nov 2007 09:27:54 -0800 (PST),    group: uk.gov.social-security        back       
Re: The Department for Work and Pensions' record on protecting your personal information    
On 21 Nov, 15:30, Robbie  wrote:
> Syberian wrote:
>
> > "Phil O'Sofa"  wrote in message
> >news:alm7k3ps4s0f1v2fmh9unfai298sul9gkg@4ax.com...
> >> On 22 May 2006 17:48:20 -0700, New Deal Veteran wrote in
> >> uk.politics.id-cards :
>
> >>> In the early weeks of this year I discovered that the private details
> >>> of over 5800 people had been left on an unprotected computer desktop
> >>> for two weeks.  The computer was one of ten PCs in the internet access
> >>> room of a company called 'Instant Muscle Ltd', on Powis Street in
> >>> Woolwich London.
>
> >>> These computers were available & intended for use by dozens of
> >>> unemployed people on the government's New Deal IAP scheme. None of
> >>> these people had individual user accounts, no passwords were required
> >>> to view or copy any data left on the desktop by other users.
>
> >>> The trouble was that some of those other users were Instant Muscle
> >>> staff themselves.  One member of staff left behind a couple of files
> >>> they had been using to generate junk mail for the company...
>
> >>> How were they generating this junk mail?  They were extracting people's
> >>> names and addresses from an Excel spreadsheet.
>
> >> So we've been here before then?
>
> > Don't think the latest incident was the DWP's fault, think the loss of
> > information came from HMRC this time.
>
> well, parts of the HMRC perform functions that used to be part of the
> DWP / DSS. Child Benefit used to be administered by social security and
> a lot of the working practices are much the same as they were under the
> previous government department. Though in this case it was (seemingly)
> an error on the part of someone who appeared either not to know the
> procedure of how this data should be sent or wasn't being supervised
> adequately enough when performing their tasks.
>
> --
> Robbie- Hide quoted text -
>
> - Show quoted text -

Extracting this kind data held on the DWP systems is simply not
possible by rank and file processors.  It requires a specific scan of
an offline copy of the database (GMS).  When I have requested scan
data I've had to sign a request which was authorised by the office
manager and given an undertaking regarding access, keeping it secure
and retention.  I was under no illusion what my responsibilities were
and this was a scan of only a few thousand cases.
I would expect the HMRC to have similar in place. What I want to know
is WTF the NAO needed my bank details - they were not making payments
nor checking they'd gone in, the NAO is a high level audit.
As many of these customers won't be on any other benefits or credits I
suspect that if the info gets into the hands of criminals they will
use it to make false claims en-mass.
Attempts to use stolen ID details do occur already, I've come accross
a few and it's only because there were existing claims they were
picked up.  Had they been taxpayers with no benefits they could have
gone undiscovered for many many years.


Mike
date: Wed, 21 Nov 2007 09:27:54 -0800 (PST)   author:   Mike

Google
 
Web myreader.co.uk


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us