tag:blogger.com,1999:blog-22202011.post1880380267321407835..comments2023-12-11T08:49:46.305+00:00Comments on Dizzy Thinks: If directors can go to prison for failure below why can't ministers?Unknownnoreply@blogger.comBlogger19125tag:blogger.com,1999:blog-22202011.post-37529525677752677332008-08-29T07:36:00.000+01:002008-08-29T07:36:00.000+01:00Agree on PA with 25/8 comment - but they are manag...Agree on PA with 25/8 comment - but they are management consultants, disconnected from the real world of implementation, just like the senior civil servants are. A PA man told me that (although not in quite those words).<BR/>On cleansing the data at source, remember the story of the missing DWP CDs? The reason given for not cleansing that data at source was cost - they were in the grip of a contractor who charged a lot for extras (we have heard that one before).dreamingspirehttps://www.blogger.com/profile/00324207120279777521noreply@blogger.comtag:blogger.com,1999:blog-22202011.post-26423295397443955412008-08-26T22:05:00.000+01:002008-08-26T22:05:00.000+01:00Of course it's systemic. The problem lies in the f...Of course it's systemic. The problem lies in the fact that the vast majority of local and national government employee's are morons, and totally incapable of grasping the most elementary principles of computer security.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-22202011.post-81790680377216108122008-08-26T20:36:00.000+01:002008-08-26T20:36:00.000+01:00Thanks for your reply. Sorry Dizzy - I was enraged...Thanks for your reply. Sorry Dizzy - I was enraged by the very sight of the words Sarbanes Oxley. <BR/><BR/>John of EnfieldAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-22202011.post-82161343371570486302008-08-26T11:38:00.000+01:002008-08-26T11:38:00.000+01:00sorry all you posters, government ministers, civil...sorry all you posters, government ministers, civil servants and all the contractors and others don't think they are above the law they KNOW they are!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-22202011.post-50446968239157907372008-08-26T10:38:00.000+01:002008-08-26T10:38:00.000+01:00"As anyone working in the private sector will know..."As anyone working in the private sector will know, they have to become registered with the Data Protection Registrar if they are going to hold personal information, they will also know that if they are found in breach then they can face severe penalties. It seems that the current set-up though is geared towards the private sector failing whilst the Government can get away with anything but having a "review" and promising that it will not happen again."<BR/><BR/>So, as a precaution, make a list of all the instances where the Government has got away with it, and demand equal treatment if caught, on the principle of natural justice.Sackersonhttps://www.blogger.com/profile/09410040031410954403noreply@blogger.comtag:blogger.com,1999:blog-22202011.post-81458850241487895172008-08-26T09:44:00.000+01:002008-08-26T09:44:00.000+01:00Interesting perspective. It is hard to justify pu...Interesting perspective. It is hard to justify public sector officials not being subject to severe punishments for losing extremely valuable information, and the Conservatives would do well to put this forward in their manifesto and implement it on day one rather than waiting for their own disasters in government.Letters From A Toryhttps://www.blogger.com/profile/14612766550608940053noreply@blogger.comtag:blogger.com,1999:blog-22202011.post-14631016100942015442008-08-26T08:19:00.000+01:002008-08-26T08:19:00.000+01:00To John of Enfield. I am not talking about regulat...To John of Enfield. I am not talking about regulation, I'm talking about legislation that will hold politicians and Government to account on the matter of data security. it's not a socialist trap at all.dizzyhttps://www.blogger.com/profile/04250325010662356883noreply@blogger.comtag:blogger.com,1999:blog-22202011.post-23885831608570774092008-08-26T07:52:00.000+01:002008-08-26T07:52:00.000+01:00Yes but this is just another example of the comple...Yes but this is just another example of the complete abandonment of moral responsibility and authority. This lack of professsionalism is a creeping sickness which has affected most of society. <BR/><BR/>Who now has genuine pride in their work? Who can honestly say that they have done their job well? It's all about working to the rule-book. If the rules don't cover it then tough. And if the rules do cover it - then tough. Just do the minimum for the cash.<BR/><BR/>Over-regulation has led to abandonment of personal responsibility. Time to throw the rules out of the window and make people personally liable for there actions. You can hear it now 'System fault, lessons will be learned, etc etc". No mention at all of laziness, incompetence and downright deception, of course.Unsworthhttps://www.blogger.com/profile/08307116169498533047noreply@blogger.comtag:blogger.com,1999:blog-22202011.post-85741086024907513752008-08-25T23:17:00.000+01:002008-08-25T23:17:00.000+01:00The irritating thing about this is that there is a...The irritating thing about this is that there is a strict set of guidelines for handling the kind of data that PA lost. It's set down by CESG any everyone in or dealing with the MOJ/HO has to comply to it. <BR/><BR/>The fact is that PA are a leech of a company, who feel they're above the regulations. Everyone I know who has had the misfortune of dealing with these idiot opportunists is hoping the Home office/MoJ uses this incident to develop a spine and kick them out.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-22202011.post-62684954969219258582008-08-25T20:23:00.000+01:002008-08-25T20:23:00.000+01:00Excuse me, don't you have an Attorney General, or ...Excuse me, don't you have an Attorney General, or the equivalent...that guy in a wig....<BR/><BR/>What are his constitutional powers? Can't he initiate action which if successful throws one of these tossers you lot insist on describing as ministers in the pokey?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-22202011.post-52154047938022527182008-08-25T19:16:00.000+01:002008-08-25T19:16:00.000+01:00You are lucky I am not a labour blogger or the spe...You are lucky I am not a labour blogger or the spelling mistake at the head of your post would have been the justification for some stick. They do not have much else to say.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-22202011.post-59342576249851107112008-08-25T19:08:00.000+01:002008-08-25T19:08:00.000+01:00I fully agree that government ministers should be ...I fully agree that government ministers should be held responsible for the failings of their departments as well as the other parties involved.<BR/>I used to operate under the the rule of "ultimate responsibility" when I was a ship's master.<BR/>Where I could be held responsible for the cook cutting his finger in the galley to the officer of the watch colliding with another ship whilst I was turned in.<BR/>So yes lets see ministers actually held to account.Barnacle Billhttps://www.blogger.com/profile/17257546424880537005noreply@blogger.comtag:blogger.com,1999:blog-22202011.post-88591560988575961652008-08-25T16:25:00.000+01:002008-08-25T16:25:00.000+01:00No one should be above the law, but when it comes ...No one should be above the law, but when it comes to our data it appears that the Government and politicians see themselves as being so.<BR/><BR/>Methinks not just data.Above the law for everything.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-22202011.post-61476493643887165742008-08-25T15:49:00.000+01:002008-08-25T15:49:00.000+01:00One major problem with any government department i...One major problem with any government department is admin training. It is easy to train someone to work in a registry, slightly harder to train a secretary, the most qualified usually dealing with HR. <BR/> Guess which level of expertise shuffles delicate stuff around?anthonynorthhttps://www.blogger.com/profile/06680944720744601697noreply@blogger.comtag:blogger.com,1999:blog-22202011.post-37439597460225044462008-08-25T14:29:00.000+01:002008-08-25T14:29:00.000+01:00Standard operating procedures for personal and oth...Standard operating procedures for personal and other sensitive data,<BR/><BR/>Hardware and software controls - make sure encrypted files can't be saved in any unencrypted format, and block USB ports and CD writers on all machines handling sensitive data<BR/>Procedural controls - vetting of people with access to sensitive files and allow them access only from secured premises<BR/>Administrative controls - Clear structure for establishing and monitoring compliance with security procedures<BR/>Process ownership - someone with authority to impose the security processes and to take the rap if they go wrong. <BR/><BR/>Looks like another comprehensive failure on all levels. <BR/><BR/>Prison is too good for these serial offenders.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-22202011.post-7674425212238476772008-08-25T11:21:00.000+01:002008-08-25T11:21:00.000+01:00The Conservatives and Liberal Democrats both table...The Conservatives and Liberal Democrats both tabled amendments to the Criminal Justice Bill earlier this year to do just this. The Government blocked the amendments.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-22202011.post-47841192797744966102008-08-25T10:11:00.000+01:002008-08-25T10:11:00.000+01:00I'm sorry Dizzy but you have fallen into the s...I'm sorry Dizzy but you have fallen into the socialist trap. <BR/>More & more regulation is NOT the answer. <BR/><BR/>It inevitably leads to more & more criminalisation (see todays discussion on criminalisation of young children). More Gatso, more ASBOs, more regulation gives the state more & more control over our individual lives.<BR/><BR/>The political class will find ways of not getting caught by their own regulations. Witness the Lady who was removed from office because Fatty Prescott did not like the way she made him declare the union funding on one of his many residences.<BR/><BR/>Less regulation is the answer, not more jail.<BR/><BR/>John of EnfieldAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-22202011.post-64788140147510998582008-08-25T09:52:00.000+01:002008-08-25T09:52:00.000+01:00The Government did indeed suggest prison sentences...The Government did indeed suggest prison sentences for those who breeched the DPA. The proposals most vocal opponent? The Press in the form of the Editor’s Code of Practice Committee. Paul Dacre who chaired to committee said:<BR/><BR/>"The threat of custodial sentences under the Data Protection Act was particularly worrying because of the effect it would have had on press freedom by inhibiting investigative reporting"<BR/><BR/>Given you can build in exceptions that a Judge can take into account I don't see it as an issue and who would want to protect people like Clive Goodman anyway?<BR/><BR/>I take your point about using real data and not generated data. By I guess it depends what they were doing with it. If you're developing a system scrubbed data is fine but if you're doing analytics you need the real information to work with. <BR/><BR/>I guess the inevitable report that will some out will tell us why they had this sort of data. <BR/><BR/>The only real facts we know is that the Government explicitly prohibits transfers to unencrypted mobile media. I guess we'll find out what the data was being used for at some point.Mostly Ordinaryhttps://www.blogger.com/profile/11940615088493840939noreply@blogger.comtag:blogger.com,1999:blog-22202011.post-45542707820630420682008-08-25T09:29:00.000+01:002008-08-25T09:29:00.000+01:00SOX is a very bad idea.What you need is to be able...SOX is a very bad idea.<BR/><BR/>What you need is to be able to delegate the resposibility down the tree to the appropriate level. <BR/><BR/>ie. The accounts of a staff canteen do not need to be signed off and audited by the chief financial officer.<BR/><BR/>However, if the CFO doesn't alocate resources to get them audited, they assume responsibility.<BR/><BR/>But please, don't put SOX in. SOX was brought in because the auditors didn't audit enron. The response was, more audit (allow us to extort money legally)<BR/><BR/>NickLord Blaggerhttps://www.blogger.com/profile/06783119146180259097noreply@blogger.com