HMRC data loss 'completely predictable'

'Old, outdated and broken processes,' says Symantec

Written by Ian Williams

Information World Review, 22 Nov 2007

Security firm Symantec has told vnunet.com that it was "not at all surprised" by the recent catastrophic data loss at HM Revenue and Customs.

"At least this time it was spotted, even if it was some weeks later," said Guy Bunker, chief scientist at Symantec. "How many times has something similar happened that went completely unnoticed or unreported?"

Bunker reckons that the junior employee who was responsible for the data breach was probably just doing his job and had no idea of the implications of his actions.

"I am sure he does the exactly the same every time there is a similar request. He probably just presses 'option five' on the screen with no idea about what happens at the back end," he said.

Bunker maintained that the loss of two disks containing the details of 25 million Britons was simply down to "processes that are old, outdated and broken ".

He added that this must act as a wake up call to all government departments and private organisations to address all instances where potentially sensitive information is dealt with by staff.

Sadly Bunker is sceptical about whether anyone will learn from the incident. He cited the lack of impact caused by previous high profile data leaks, such as those at Nationwide and TK Maxx.

An all too prevalent 'this won't happen to us' mentality means that most organisations will not learn from the HMRC case and tackle potential pitfalls in their own policies.

Bunker suggested that a fine similar to the one handed to Nationwide might encourage some companies to sit up and take notice as they will not want to incur a similar penalty.

"But, ultimately, fining the government is not of much use to the people who have had their details lost," he said.

Companies and governments must understand and question the procedures and policies they implement, and these systems to be investigated to make sure they conform to the required security standards.

Bunker concluded that legislation forcing companies to disclose data breaches, as happens in some US states, may be necessary to ensure that customers are as protected and well informed as possible. "Forewarned is forearmed," he said.

Tags:

reader comments

related articles

 

2007 Roundup: Data loss hits the headlines

Nationwide, Halifax, TK Maxx, HMRC and many, many more to blame 24 Dec 2007

Management

CEOs should take the rap for data losses

vnunet.com poll reveals preferred measures for forcing firms to take security more seriously 26 Nov 2008

Renewed calls to criminalise data loss

MPs put pressure on government following revelations of more lost data 24 Jan 2008

related whitepapers

today's top stories

Communications

CIOs must embrace collaboration tools

Author Don Tapscott gives Angelica Mari his reasons for promoting social networking tools and says transparency is the key to security 04 Dec 2008

Communications

On a quest to build a connected society

BT Design’s JP Rangaswami talks to Gareth Morgan about his pivotal role in the telecoms giant’s efforts to deliver universal broadband and his plans to tap into the creativity of the open source community 04 Dec 2008

Management

IT leaders must stand by India

A sense of perspective is the most important response from IT leaders to the attacks in Mumbai 04 Dec 2008

Hardware

Case study: Clifford Chance

Law firm implements Sun platform and reduces datacentres to gain efficiency and cost synergies 03 Dec 2008

Communications

Should CRM be more sociable?

As vendors rush to add more social networking bells and whistles to their CRM products, some experts warn that users must tread carefully when venturing into online communities 03 Dec 2008

> More news

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Advertisement

Jobs

Related jobs

Job of the week

> More IT vacancies

Job alerts

  • Latest jobs to your inbox
Sign up here

Find your next job

IT Salary Checker

  • Are you being paid what you are worth?
Check salary here

Advertisement

White papers

Search white papers

Top categories

VPN, Extranet and Intranet Solutions

WAN/ LAN Solutions

Network Security

Interoperability-Connectivity

Grid/ Utility Computing

Latest poll

Will the terrorist attacks in Mumbai affect your offshoring plans?

Will the terrorist attacks in Mumbai affect your offshoring plans?

Is India becoming a risky destination?

Previous poll results

> More polls

Latest audio and video articles

Padlocked CDVideo

Technology and privacy

Watch the final video in a two-part Computing roundtable debate on the importance of putting data privacy issues at the heart of your IT plans 02 Dec 2008

Podcast imageAudio

Computing podcast - Standard Life's offshoring plans; and the prospects for government IT

The insurance giant outlines its new outsourcing strategy; and we ask if the government's economic bailout will affect its IT plans 28 Nov 2008

> More audio and video

Latest in-depth articles

Doctors looking at a computerAnalysis

Watchdog wants IT to cure privacy woes

Information Commissioner Richard Thomas is urging organisations to put privacy protection at the top of their procurement and development criteria 04 Dec 2008

Colin McDonaldComment

Web 2.0 has potential to transform staff training

Employees can sharpen their IT skills through using the latest interactive training tools, writes Colin McDonald 04 Dec 2008

> More in depth articles

Advertisement

Primary Navigation