BBC NEWS | UK | Questions asked after data loss
Peter Tomlinson
ukcrypto at chiark.greenend.org.uk
Fri, 22 Aug 2008 08:13:13 +0100

Ian Batten wrote:
> http://news.bbc.co.uk/1/hi/uk/7575989.stm

One of the flaws in large parts of the public sector, also applying to
some of its acolytes, is the divide between management and
implementation. Over some 8 years now I have several times rubbed up
against PA over its failure to understand information security
(including data protection implications) in relation to the utility of
public services using certain ICT methods. Now one of the tasks that I
have is working with a very small trade association, in the course of
which we were involved in the development of the ENCTS (bus passes in
England to you), where a misleading document called the Plain English
Guide was published by DfT - the source was PA. In one of its first
pro-active actions, the ICO ensured that the document was altered to
remove misleading advice to LAs that might well have resulted in
personal data of pass holders being stored in the chip in the passes in
a way that was insecure. PA are management consultants in the area with
which we were concerned, not technical.

Peter