Much of the recent furore about the growth of the “database state” and information sharing between Whitehall departments has obscured just how much data is already held by the government about citizens.

The Department of Work and Pensions’ (DWP’s) £72m Customer Information System (CIS), for example, is rarely mentioned in the national media, and relatively unknown in the public realm.

The database makes 92 million tax and benefit records available to 80,000 DWP employees, 60,000 workers from other government departments, and staff from 445 local authorities.

And since July 2008 these workers have also had access to HM Revenue and Customs’ (HMRC’s) tax credit data through the system.

CIS is an Oracle database built by Accenture which holds information on anybody with a national insurance number, including where they live, their ethnicity, and their tax status.

The system is also to serve as the blueprint for the biographical element of the National Identity Register (NIR) supporting ID cards, which is currently under construction ­ as distinct from the biometric database, which is being built
from scratch.

Clearly, security is a key consideration for such a vital system, as the DWP said in a statement in February 2007: “With regard to the CIS, there are strict measures in place to protect the integrity of people’s data. Access to the information is only allowed where it is legal to do so, and it is restricted to the specific business needs of the customer. Specific controls are in place to restrict who can see each field, which manages the risk of unauthorised or inappropriate access.”

So it will be a concern to many people worried about the integrity of NIR to know that CIS has suffered a number of security breaches in recent months.

Freedom of information requests submitted by Computing reveal that, in the six months to January 2009, six DWP employees were disciplined for “inappropriate use” of the system.

In the same period, local authorities were obliged to carry out internal investigations eight times after being notified by DWP that CIS had been accessed inappropriately.
These 14 incidents were in just six months. Last month, the department admitted that since August 2006, 33 local authority staff have been confirmed as accessing records “without business justification”.

The DWP became so concerned about instances of unjustified access that in January it sent out a memo to authorities warning them that the practice must stop.

“Anyone found to be abusing CIS may face sanctions ranging from disciplinary action to prosecution,” read the memo. “DWP will support your local authority to ensure appropriate disciplinary or prosecution action is taken, and may consider prosecuting directly under social security legislation.”

The memo did not mention that similar breaches were taking place within the department itself.

One of the problems with securing CIS is there are so many points of access. Although the DWP does not allow workers to access the system from remote or home locations, or via wireless connections, it still has more than 140,000 users to police.

Couple this with a culture in the public sector that does not yet have privacy practices ingrained, and the DWP has a serious challenge, said Sarah Burnett, public sector analyst at Butler Group.

“There is a big turnover of staff and it is often difficult to fire people in the public sector,” she said.

“This makes it a tough job to instill a culture of respect for people’s personal information.”