Sir John Bourn, the outgoing comptroller and auditor general, told a secret session of the public accounts committee that a senior business manager at Revenue & Customs had authorised the information to be released in its full form. His email approving the sharing of the data was copied to an assistant director....It asked for all child benefit numbers, national insurance numbers and names but did not want bank accounts and addresses and dates of birth. According to Bourn, Revenue & Customs told the NAO that removing the extra information would be too costly.
You what? Too costly? How? Oh, right, it's the old standby - "there's a contract". We can't find you the plates for your flak jacket/diagnose your cancer within less than three months/type
SELECT (names, addresses) FROM families WHERE child=Yesrather than
SELECT * FROM familiesbecause there's a contract.
So how does it work? Do they have a little taxi meter on their desks that increments every time they issue a database query? How much is Crapita or Siemens or whoever charging them per SQL statement? But yes:
The e-mail states that the data would not be "desensitised" in the way that had been requested as it would require an extra payment to data services provider.I think I just ate my hat. Mmm, felt.
Shawn Williams, a partner in a law firm specialising in fraud cases, said he regularly received confidential data from Revenue & Customs in CDs with either no password or the password written on the disc itself.
Realistically it's only going to be "password", isn't it? Or maybe something more secure like "passw0rd". Of course it's meaningless, because a CD can't actually check passwords; if you were to access it with a program that didn't perform the password check (like, say, a slightly altered...) this would not help in the slightest.
Further, on a general point, can anyone point to any evidence that The New Public Management - contracting out, next steps agencies, numerical targets and all that jazz - has ever achieved anything useful anywhere?