To say I was shocked is an understatement. I was completely gob-smacked that a UK government agency can spend (presumably) millions of our IT pounds storing and using our personal data and then proceed to take it out of its secure IT centers and take it away from the application protections, audit trails and procedures and put the data onto CDs (all of our personal data) and post it to the National Audit Office. To say it's the fault of a junior member of staff may be true in a literal sense but presumably someone asked him to send this data to the NAO? - he would not have just decided to do it all on his own. Also why is a junior member of staff allowed to access all of the data and why is he allowed to download it from the HMRC systems and put it onto CDs? The fact that this was done and seems to be a planned action points at support people who have high levels of access.
The BBC has a nice timeline of events in a page, "Lost CD's - Sequence of events", and also a write-up of the events in a story, "Brown apologises for records loss".
I personally am angry as my children get child benefit along with almost all other children in the UK; now my details that I entrusted to the government are floating around an office, post office or who knows where waiting for someone to get at them.
The timeline above is amazing. It states that the first set of two disks with password-protected records (what is used? - MS Excel password, WinZip, what?) went missing, and when the package failed to arrive they sent a second one. This is in addition to the record that a junior official (doesn't say if it's the same one?) sent a full copy of HMRC child benefit data to the NAO; it goes on to say that that data is returned. Does this mean the CDs were posted back? - if so how do we know that the data was wiped from everywhere it was written to at the NAO?
To download all of this data once and write it to CDs is bad, but to do it again and again is crazy. How does a junior official get access to a system to download all the personal details and to then write them to CD in the first place?
The moral of this story? - database security is complex, it's complicated to design, implement, to harden existing systems and more, but the data has no security at all if you take it from the databases and away from the RBAC, the audit trails, the procedures and write it to CD or disc or any other medium. It bypasses the security completely.
I have to ask another question. If this action had not gone wrong and the CDs had arrived, presumably someone in the NAO loaded the data onto other systems; who controls the CDs, where would they be kept, would they be destroyed, what about the data on the NAO analysts' machines, how is that protected - MS Excel password? How long is it kept, how is it destroyed?
There are so many questions; this is why database security is so important. Our personal details, NINO, bank accounts, names, children's names and more? should be held in secure databases and audited, protected with strong RBAC, accessed by authenticated and authorised users only and much more. My data and that of every other parent in the UK should not be taken from the secure database and applications and sent to anyone on a CD. There is no security whatsoever on a CD that is password protected.
As I said - Gob-smacked!!!