I rarely just post the straight details of a story elsewhere but that's usually because I tend toome to things late. I've no idea how widely known this story is but it merits as much publicity as possible - particularly in light of the government's ludicrous ID Card scheme. From Nick Cowen on the Civitas blog:
"A terrorised pensioner died of a heart attack during an attack on his home in a dispute over a parking space at a supermarket. What makes this story especially worrying is that a policeman (and friend of the defendants) traced the 79-year-old by his car registration number, using the police national computer database. There is no word in the news on what legal action the policeman will face, which is strange considering that accessory to manslaughter would be appropriate. This use of officially private but widely accessible personal information is becoming an increasing occurrence.I have no great influence in the blog world but if you do and happen to be reading this please highlight it....
In cases such as this, it would actually be relatively easy for the public sector to take steps to protect people who have already been established as vulnerable. It would be a simple matter of giving all national records associated with that person a higher level of clearance in order to be accessed. This way, not absolutely anyone working for the Department for Work and Pensions, the Police, the National Probation Service, the Driver and Vehicle Licensing Agency… (the list goes on for a surprisingly long time)… would be a potential leak of that individuals whereabouts. Instead those records would have to be accessed by a more experienced and more trusted employee, such as a manager at a Job Centre rather than a relatively recent recruit. Of course, this would not protect people who are not yet known to be vulnerable but it would be a start. Furthermore, any workers who deliberately leak information to parties who intend or go onto commit criminal acts should face immediate dismissal and criminal prosecution themselves. In the long-term, it should be considered whether it really is good security practice to give public sector employees (who are, after all, mere humans with their own interests and connections) access to such large chunks of private information.
That a policy along those lines has not been implemented demonstrates quite how seriously the state takes being made an accessory to abduction and (now) manslaughter: they are not "bovvered". In such a context, it is hardly surprising that a growing proportion of the public are opposing the next stage in the database state: national ID cards."
1 Comments:
It’s certainly a shocking story, but I’m not sure about Nick Cowen’s prescriptions. As someone employed by one of the public sector organisations he castigates then I can say that where I work it is far from the case that “absolutely anyone” can access the database already, that particular records can be further restricted to more senior personnel if required, and that any worker who leaks personal information for any reason at all is already guilty of a breach of the data protection act and liable to be dismissed, so the simple policies he wants implementing are already in place The access some people are given to private information is strictly required for them to do their job – witness a colleague of mine whose clearance was rescinded the minute she moved departments – and while getting only more trusted employees to access confidential information may be fine in theory, in practice a test for trustworthiness is tricky to pull off. It is also usually the more lowly grades that access the information itself because that is their job; many managers can’t because they don’t need to, and are probably unable to, and in any event there is nothing to suggest that the policeman involved in this story wasn’t an otherwise trusted and senior officer.
I’m also not sure why Nick Cowen has turned this into a specific criticism of the public sector. When I worked in the private sector I had free access to even more information than I do now, including financial data, and there seemed a much more lax data protection regime, although that was several years ago so times may have changed. Still, if the offenders in this story hadn’t known a policeman, but had instead known someone who works for Tesco Clubcard, then they could probably have used that database instead, to the same effect. The problem with any database is that some people are going to be able to access it, that’s why they’re there, and it is nigh on impossible to prevent a determined person from using data maliciously if they so wish. What has to be balanced is whether concocting a database with those risks inherent is worth the good that can come out of the database.
As for ID cards then, as I have yet to hear a single good reason for them and the associated database they rode in on, it is clear to me that the intrinsic downside is they have going for them, so thanks but no thanks.
Post a Comment
Links to this post:
Create a Link
<< Home