Saturday 30 July 2011

Barnet Council IT scandal - Your personal data is not safe or secure

As I read the recently released FOI requests, it just gets worse and worse. It appears that highly sensetive Council data is not being stored securely. Worse than this, staff can access it at home and email it without anyone being able to trace it. This is a scandal of the highest order. It is possible that all manner of sensitive information may have been leaked to God knows who? The worst aspect of this is that all manner of information could have ended up in the hands of the wrong people and NO ONE CAN TELL. It also appears to me that IT subcontractors, who don't even work for the council may have been able to access commercially sensitive data. In short, Barnet Council's whole system of control, security and audit has effectively been bypassed. Any public organisation should make data security their no 1 issue. The fact that the situation is out of control, is probably the most damning indictment I have ever seen of a local authority.

This is on page 4 of the report - IS Action Plan Final (redacted).pdf - sent to me in response to my FOI request. What alarms me most is that there is no action to try and ascertain whether any potentially criminal access has been made of data. Surely that must be the first action if data is compromised. In light of this latest admission, the senior management team, including Nick Walkley really should consider their positions. If they won't maybe the new leader of the Council, Richard Cornelius should consider it for them.

And as for the fact that there is no plan for disaster recovery. That is surely one of the worst acts of negligence, especially as the data centre is at risk of fire and being eaten by rats. Absolutely unbelievable.

 As ever, click on the image for a more readable version.

No comments: