Just in case we hadn't realised that government departments use unencrypted CD transfer for digitally-stored information as a matter of everyday policy, the N Ireland DVA has just lost two CDs containing more than 6000 drivers' details. Ah, to be sure to be sure.
Ho, ho, ho, and a very Happy Christmas to another six thousand people plus whose identity details have now been compromised by government incompetence.
How did this one happen? Vehicle manufacturers made a vehicle recall and the owners of affected cars needed to be told. So the DVA in N Ireland sent its information, obtained from its database and burnt onto two CDs in unencrypted form, by Parcelforce which lost them.
The details included names, addresses and vehicle details. The disks got as far as a Parcelforce depot in Coventry and then .... nothing. (Yes, irony lovers, they were sent to Coventry and nothing has been heard since.)
DVA boss Brendan Magee is "deeply disappointed," He was not asked why his agency sent out unencrypted driver details out on CD after HMRC had proved it to be an insecure method - six times. His left hand obviously doesn't talk to the HMRC right hand.
Nobody in government has told government departments not to send out sensitive information on unencrypted CDs. The HMRC 25 million debacle has not been enough to concentrate minds and this particular stable door has still not been bolted shut.
- HMRC to Standard Life transfer - 15,000 peoples' details lost - door left open.
- HMRC to NAO transfer - 25,000,000 identity records lost - door left open.
- DVA N Ireland to DVLA Swansea - 6,000 drivers' details lost - door left open.
Top marks for consistency! Bottom marks for information security.
The DVA had just completed a review into how it transmitted information and the review had identified CD transfer as a risk. Due to wonderfully inept DVA and DVLA management no 'stop' had been put on CD transfer while the review was taking place and certainly not after the HMRC calamity. No, indeed not, that was the HMRC, this is DVA, this is the DVLA; completely different you see.
DVLA chief executive Clive Bennett's description includes this gem: "His passion within business is to achieve excellence with and through people. He led his last two companies to attain world class performance and is committed to leading DVLA in the same manner."
These idiots have an obsession with being world-class. The only area where government IT is world-class is in its identity detail leakage numbers. I can't think any other country's government anywhere which has put so many people at risk of identity theft ever.
The N. Ireland DVA was created in April 2007 from two other agencies and the aim was to reduce costs. We heard this constant refrain before with HMRC.
PS. If you are thinking of using Parcelforce for your data transfer needs please bear this in mind:
"At Parcelforce Worldwide, we realise that we’re delivering more than parcels. We’re also delivering a commitment to you and your businesses. Every single parcel you entrust us with is a confirmation of your confidence in us. How we respond is a measure of our success. So we strive to meet and achieve your expectations every step of the way. Everyone that works for us has the responsibility for creating a smooth and efficient service. Our intelligent use of technology also helps ensure we stay one step in front."