Why is no one laughing MarkII

[Guest Tracker]

A friend had a case of ID fraud recently and when he contacted his bank they immediately and without fuss closed his account, opened a new account and simply switched all his dds etc over.

 

It really was that simple so don't be put off by the fear of the unknown.

 

If you bank with one of the 'big 4', and your banking needs are straightforward, this might be as good a chance as any to switch to a more friendly bank that consistently gets good customer care reviews - such as maybe Nationwide or Smile?

 

It's an ill wind that blows nobody any good!

[GJH]

Tony Jones - 2007-11-21 9:04 AM

 

malc d - 2007-11-20 11:42 PM

 

If the National Audit Office wanted to audit the Revenue people in Newcastle they should have gone up there to do it, then there would have been no risk of data being lost in transit.

 

 

Probably didn't know where it was, or didn't fancy a jolly up there.

 

Tony

Could be right Tony - it's bad enough living this close :-D

 

Actually, though, I believe the office is on Wearside rather than Tyneside so it's the Mackems not the Geordies :-D

 

Malc D makes a good point about procedures being reviewed. At the same time they should also be looking at how procedures are actually adhered to (or not). One of the problems with the public sector in recent years is that organisations can meet government standards by putting procedures in place - and some people think that is the end of the game and that once they are in place they can be ignored.

 

Graham

[twooks]

according to the bit I saw it was actually Washington :-> :->

so there :-> :->

 

 

but in an area of unemployment - which the north east usually is - what often happens is that you get over qualified staff doing boring jobs with little or no option for initiative or input - result mind numbing frustration and boredom and resentment

 

NAO should've gone up there and done their job properly, ime when the NAO staff do their job properly they are good - but .. .. .. .. .. ..

can't audit stuff that's 200 miles away

 

 

B-)

[GJH]

twooks - 2007-11-21 12:46 PM

 

according to the bit I saw it was actually Washington :-> :->

so there :-> :->

Washington comes under SunLun council so they count as Mackems these days :-> :->

 

twooks - 2007-11-21 12:46 PM

NAO should've gone up there and done their job properly, ime when the NAO staff do their job properly they are good - but .. .. .. .. .. ..

can't audit stuff that's 200 miles away

Have to disagree I'm afraid Twooks. Some audits require a visit to premises but what happens with this type of audit is that the NAO (and similar bodies) simply request certain non-personal information which they can manipulate in their own offices.

 

The bodies (like HMRC) which hold the files should extract the information required whilst leaving the personal data behind. Because the resulting extract contains nothing sensitive the means of transmission is much less important.

 

Where HMRC have gone wrong is in sending off a copy of the full database rather than an extract.

 

Graham

[michele]

Can someone tell me is it only Child Benefit money ?

Could it also be DLA from Blackpool ?

[Mel B]

Got a request this morning from the CSA asking me to confirm that a person used to work for us and also to give them the person's car type and vehicle registration number! Apparently our Human Resources office couldn't answer the bit about the car so passed it to me!!!! I said I couldn't give any information at all due to Data Protection etc, they said that's okay they'd fax me a Section 15 summut to allow me to do it. Got that and rang them back to confirm receipt as they'd asked, but they didn't answer the phone officially, just said "Hello and their name". Told them it was being passed on to be dealt with and someone would get back to them (holding tactic). I then referred it up to one of our senior staff and the security manager to look into. I can't understand why they were asking me for their car details ... DVLA comes to mind!!!

 

Can't be toooooooo careful can we now! 8-)

[twooks]

GJH - 2007-11-21 1:56 PM

 

twooks - 2007-11-21 12:46 PM

 

according to the bit I saw it was actually Washington :-> :->

so there :-> :->

Washington comes under SunLun council so they count as Mackems these days :-> :->

 

 

 

Graham

 

 

ooh that's fighting talk Graham, I have friends there who'd string you up for an insult like that >:-)

 

never understood it myself, I support all north east things - well almost - and I'm even prepared - under pressure to include smoggies in that - even adopted ones - even though 'tis the wrong side of the river - it 's at least north of the Humber :D :D

 

B-)

[twooks]

Mel B - 2007-11-21 2:10 PM

 

Got a request this morning from the CSA asking me to confirm that a person used to work for us and also to give them the person's car type and vehicle registration number! Apparently our Human Resources office couldn't answer the bit about the car so passed it to me!!!! I said I couldn't give any information at all due to Data Protection etc, they said that's okay they'd fax me a Section 15 summut to allow me to do it. Got that and rang them back to confirm receipt as they'd asked, but they didn't answer the phone officially, just said "Hello and their name". Told them it was being passed on to be dealt with and someone would get back to them (holding tactic). I then referred it up to one of our senior staff and the security manager to look into. I can't understand why they were asking me for their car details ... DVLA comes to mind!!!

 

Can't be toooooooo careful can we now! 8-)

 

*-) must be reassuring for you to know your HR mob are on the ball then Mel *-) , hope your security lot will direct a rocket up there as well *-)

 

B-)

[GJH]

michele - 2007-11-21 1:58 PM

 

Can someone tell me is it only Child Benefit money ?

Could it also be DLA from Blackpool ?

No Michele, it's confined to Child Benefit records processed at Washington.

 

Graham

[GJH]

Mel B - 2007-11-21 2:10 PM

 

Got a request this morning from the CSA asking me to confirm that a person used to work for us and also to give them the person's car type and vehicle registration number! Apparently our Human Resources office couldn't answer the bit about the car so passed it to me!!!! I said I couldn't give any information at all due to Data Protection etc, they said that's okay they'd fax me a Section 15 summut to allow me to do it. Got that and rang them back to confirm receipt as they'd asked, but they didn't answer the phone officially, just said "Hello and their name". Told them it was being passed on to be dealt with and someone would get back to them (holding tactic). I then referred it up to one of our senior staff and the security manager to look into. I can't understand why they were asking me for their car details ... DVLA comes to mind!!!

 

Can't be toooooooo careful can we now! 8-)

You did exactly the right thing Mel. I would always require a written notice demonstrating that the information was required for a purpose allowed by law before I would allow disclosure.

 

One thing you have to watch, though, is that everyone in the organisation is aware of that requirement. I've had to kick backsides where a request went to another section and data were disclosed without a notice being obtained.

 

Graham

[GJH]

twooks - 2007-11-21 2:29 PM

 

never understood it myself, I support all north east things - well almost - and I'm even prepared - under pressure to include smoggies in that - even adopted ones - even though 'tis the wrong side of the river - it 's at least north of the Humber :D :D

 

B-)

Well, I suppose it's not quite as bad as that Humberside area between York and Lincoln >:-) >:-) >:-)

 

Graham

[CliveH]

Hi Mel & Graham

 

Re the request for info from the CSA, I find this most odd. I am "Data Controller” here as we are registered with the Information Commissioners Office.

 

There is no way the rules allow you to pass that information on without breaking said rules.

 

I think it is breaches such as this that the Information Commissioner was (quite rightly) getting so angry about on the TV news this lunchtime.

 

If we ever received similar I think I would write back saying that as Data Controller for the firm I decline to provide the information and Quote the Act of 1998.

 

I actually think some good may come out of this!

 

Not just the end of the ridiculous ID Cards idea, - The concept of which I have no real issue with as I have a Passport, NHS Card, Drivers licence, but based upon my experience of ANY Government run database - it will all go horribly pear shaped sooner rather than later.

 

In the meantime if we get tough with those that put us at risk, then this can only be a good thing - well overdue based upon what the head Information Commissioner was saying.

 

[GJH]

CliveH - 2007-11-21 4:22 PM

 

Hi Mel & Graham

 

Re the request for info from the CSA, I find this most odd. I am "Data Controller” here as we are registered with the Information Commissioners Office.

 

There is no way the rules allow you to pass that information on without breaking said rules.

 

I think it is breaches such as this that the Information Commissioner was (quite rightly) getting so angry about on the TV news this lunchtime.

 

If we ever received similar I think I would write back saying that as Data Controller for the firm I decline to provide the information and Quote the Act of 1998.

Sorry Clive but such disclosure doesn't breach DPA 1998. The Act has a number of exemptions which allow disclosure for particular purposes - basically where the public interest is served by the disclosure.

 

The exemption which the CSA use is in S35(1) "Personal data are exempt from the non-disclosure provisions where the disclosure is required by or under any enactment, by any rule of law or by the order of a court.". I can't remember the particular legislation but there are statutory powers under which the CSA etc are able to require that information is provided to them.

 

What Richard Thomas was (rightly) expressing concerns about in the lunchtime interview was the security surrounding the transmission of the data from the data controller to the agency requesting it.

 

I was pleased to see that it appears that the ICO will be given greater powers of investigation and prosecution - I just wonder why Brown gave the job of investigating HMRC to Price Waterhouse rather than to ICO.

 

Graham

[twooks]

GJH - 2007-11-21 3:55 PM

 

twooks - 2007-11-21 2:29 PM

 

never understood it myself, I support all north east things - well almost - and I'm even prepared - under pressure to include smoggies in that - even adopted ones - even though 'tis the wrong side of the river - it 's at least north of the Humber :D :D

 

B-)

Well, I suppose it's not quite as bad as that Humberside area between York and Lincoln >:-) >:-) >:-)

 

Graham

 

 

far as I can see the yorkshire bit of that doesn't exist - for the Post Office, BBC [Tv & Radio] commercial Tv & Radio - although apparently we have more pigs than anywhere else in the country - and it's still north of the 'umber!

 

I'll leave the rest to Mel - I'm just an immigrant here and have to behave or they'll cancel my visa - especially since oh is a lanky - don't want to get chucked out just yet

 

B-)

[twooks]

GJH - 2007-11-21 4:35 PM

 

 

 

I was pleased to see that it appears that the ICO will be given greater powers of investigation and prosecution - I just wonder why Brown gave the job of investigating HMRC to Price Waterhouse rather than to ICO.

 

Graham

 

not just PW but also those old rogues C00p3r$ - they were the auditors for just about every roping deal going at one time - eg Maxwell

 

 

 

B-)

[michele]

Let me tell you all a Michele story in Michele speak.

 

Today I got a book for Rosie the child with the Disabilities

Its from Connexions for those of you whom dont know Connexions helps children get employment once they have left school and or helps them into what ever . At first I though idiots she will never be able to do anything let alone work . Then I laughed as I had a thought I thought maybe I should phone them up and ask them to get her a job :D Wicked I know .

 

Inside this book was a letter telling you what you are entitled to from the Child Benefits office.

knowing that my daughter does not receive anything and not knowing why I thought I would phone . Afetr waiting and waiting because they are busy with the DISC LOSS I finally got through I explained to the lady that my daughter is in a full apprentership .......reply she gets nothing OK.

Lets move on to my son he's 16 and he is working three days a week and goes to college at night . At night she said how many hours 5 I said well you cant have anything for him either ?. So I explained that he will be going into his apprentership in SEp if all goes well and about the fact that he works less than 24 hours which it states he is allowed to do.

Turns out no I get nothing for him and any money that they have paid me for my son since he left school in July will be claimed back by them ..........

 

There you go thats what you get for being honest . So moral of the story is keep your gob shut dont be honest and dont keep your kids yourself because you get nothing for not letting sign on and ponce off of society .

Dont kick them out the door to learn work ethics .

I GIVE UP! (lol)

[GJH]

michele - 2007-11-21 5:39 PM

 

for those of you whom dont know Connexions helps children get employment once they have left school and or helps them into what ever .

Blimey are they still peddling that old fable >:-)

 

This actually made me laugh because I had quite a few problems with Connexions when they started out. The people I was dealing with locally just didn't understand data protection, data sharing and the S35 exemption I mentioned earlier.

 

They were demanding supply of data to which they had no right unless they had the consent of the data subject and it was only after protracted correspondence with their head office in Sheffield that I got the message into their skulls.

 

Graham

[michele]

Nothing suprises me any more .

Tonight I got a letter from the school . The letter asks if we would kindly fill out a form for the school about us and the child and tell them what disabilities we have ?>......

Then it goes on to say ...What disabilities does the child have ?

What disabilities do we have ?

 

Hello she has been going there for five years and now they are asking ?

And we are not the parents and what if anything is wrong with us is nothing to do with them ?

Sorry something not quite right about it . I have not answered it but I have forwarded it on to the SW to answer on the condition she does not mention us ..that must be Data protected thats our business.

 

I mean can't exactly put that I'm as mad as a march hare can I

:D :D :D

[CliveH]

Fair play to you for not playing "there game" Michelle.

 

I remember that even with the census where you are obliged by law to answer it - many people put "Jedi" down as their religion.

 

Sometimes when you are forced to do something, poking fun at "them" is better than poking "them" with a stick!

[GJH]

michele - 2007-11-21 11:50 PM

 

Nothing suprises me any more .

Tonight I got a letter from the school . The letter asks if we would kindly fill out a form for the school about us and the child and tell them what disabilities we have ?>......

Then it goes on to say ...What disabilities does the child have ?

What disabilities do we have ?

 

Hello she has been going there for five years and now they are asking ?

And we are not the parents and what if anything is wrong with us is nothing to do with them ?

Sorry something not quite right about it . I have not answered it but I have forwarded it on to the SW to answer on the condition she does not mention us ..that must be Data protected thats our business.

 

I mean can't exactly put that I'm as mad as a march hare can I

:D :D :D

The second and third Data Protection Principles state "Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes" and "Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed".

 

One of the fundamentals of gathering Sensitive Personal Data such as disability information is to explain fully why the information is required and what it will be used for. If the letter does not contain that explanation I should write back to the head and the chairman of the governing body asking for a full explanation and why it wasn't provided in the first place.

 

I should also ask what Data Protection training the staff and governors of the school have had and for details of what Data Protection considerations were involved in preparing and sending the letter.

 

Graham

[michele]

Oh they did explain . In their words the data is gathered to further help the community ? Hello they think I'm stupid.

They cant even help the kids in the school let alone anywhere else.

Anyway I have been through one hedge so I'm not keen to give them more trimmers so to speak.

 

Big brothers everywhere and these muppets (SOME ) of the staff dont know what they are doing regarding the Data Protection Laws.

[parkmoy]

As I said in an earlier post I'm not downplaying the seriousness of this but I don't think we should panic too much.

Think about it, if there's a criminal clever enough to a) get the disks, b) bypass the password protection c) utilise the info revealed, surely they are clever enough to copy the disks and allow them to be found again within a very short time - certainly well before the hooha that we now have, started. They certainly wouldn't be daft enough to compromise the value of the information, as is now the case, by putting everyone on their guard.

I predict that we will find this is the usual admin cock up that occurs in large unwieldy organisations and nothing more. It is however a salutary wake up call as to how we deal with sensitive data and we should be more worried by the apparent ease with which this data can be copied in the first place. How easy would it be to offer a large sum to a low paid employee for a copy, if indeed it hasn't already happened?

Getting authority to make copies of such sensitive information should be as difficult as obtaining the keys to the vaults of the Bank of England.

It's so good to see the media which was so concerned yesterday are now concentrating on much more important matters. After all, what will the England players find to do next summer. >:-)

[GJH]

michele - 2007-11-22 8:55 AM

 

Oh they did explain . In their words the data is gathered to further help the community ? Hello they think I'm stupid.

Hardly specific enough in my view. Had it been a school asking advice from me when I was working I'd have told them to go back and do a lot more thinking.

 

Graham

[GJH]

parkmoy - 2007-11-22 10:30 AM

 

As I said in an earlier post I'm not downplaying the seriousness of this but I don't think we should panic too much.

Think about it, if there's a criminal clever enough to a) get the disks, b) bypass the password protection c) utilise the info revealed, surely they are clever enough to copy the disks and allow them to be found again within a very short time - certainly well before the hooha that we now have, started. They certainly wouldn't be daft enough to compromise the value of the information, as is now the case, by putting everyone on their guard.

.

.

.

.

.

.

It's so good to see the media which was so concerned yesterday are now concentrating on much more important matters. After all, what will the England players find to do next summer. >:-)

The media have certainly indulged in too much scaremongering but as to criminals getting access to the data, the hardest bit would be actually getting hold of the CDs.

 

parkmoy - 2007-11-22 10:30 AM

How easy would it be to offer a large sum to a low paid employee for a copy, if indeed it hasn't already happened?

There were a number of instances a few years ago of low paid employees of call centres in the third world being paid to steal information so that has happened already.

 

parkmoy - 2007-11-22 10:30 AM

I predict that we will find this is the usual admin cock up that occurs in large unwieldy organisations and nothing more. It is however a salutary wake up call as to how we deal with sensitive data and we should be more worried by the apparent ease with which this data can be copied in the first place.

Getting authority to make copies of such sensitive information should be as difficult as obtaining the keys to the vaults of the Bank of England.

It is more than an admin cock-up though. Requests such as the one which HMRC received from NAO do not go to junior staff in the first place, they are addressed to senior managers. A procedure might then be set up where subsequent approaches are sent to a named person or office holder, who might hold a relatively junior position.

 

However, that procedure should also include appropriate security, including creation of a data extract rather than a complete copy and transmission by secure means. If such a procedure has either not been created or has not been followed then that is a blatant breach of the DPA, not an admin cock-up.

 

Graham

[parkmoy]

I used 'admin cockup' as a generic term to cover poor management, systems failure etc. I didn't mean it to cover just minor slip ups, rather to emphasize that I didn't consider this to be a planned criminal act.

Clearly senior heads should roll but whether that happens is another matter.