Irreverence

posted on 20 February 2008 11:40

People make mistakes. Over-stretched and under-funded organisations make more of them. Organisations with lax handling procedures and inadequate IT security awareness make dozens and dozens of mistakes, the recent biggest one being HMRC's loss of the entire Child Benefit database, 25 million records, after sending a copy through a courier service as if it were an inter-office memo.

It got mislaid.

The Crown Prosecution Service (CPS) mislaid for about a year a CD sent to it by the Dutch police which contained DNA profiles of unknown people obtained from 2000 Dutch crime scenes. They were to be checked against UK stored DNA data to see if the people involved could be identified.

The checks started this month when the disk was discovered and 15 matches have been found. In other weords, fifteen or more possible criminals have been free for a year to commit crimes, such as murder and rape, because one or more civil servants sat on their backsides and forgot about the CD. There is an idea that a civil servant involved was on sick leave and nobody picked up on the need to check the CD's contents.

This isn't an IT data security issue per se; it's more a simple case of bad administration by bureacrats and, obviously, seriously ill-informed management not checkingup on subordinate's activities. The Dutch police obviously didn't chase the UK CPS for its response to the DNA disk check either.

CDs are a quick and easy means of storing massive amounts of information and our very familiarity with music CDs can lead people to being complacent and careless with data CDs.

The CPS has been found guilty of incompetence and will be sentenced to Community Service.