Letter to Computing:
Following the recent string of data losses by HM Government, no-one seems to have taken on board the institutionalised data leaks which HM Government practices as part of its statutory liability and the implication for openly publishing tens of thousands of names, addresses and dates of birth free of charge on the Internet for any ID thief to easily pick up on and make use of.
If this was the general public there would be a national scandal, as there was with the HMRC data loss. If the general public had their names, addresses and dates of birth openly accessible online with no restrictions on who could access them, no payment required and no traceability on who had downloaded them then heads would roll.
Yet this is the exact practice which goes on at Companies House if you are a company director, something that increasing numbers of people are doing to find work as contractors in a shrinking employment market. Whilst it may be a statutory duty to gather such information and whilst it may be perfectly valid to have such information to validate people's IDs in the same way the same information is used to apply for credit cards, I can see no compelling reason why the entire database needs to be dumped uncontrolled for anyone on the web to access unrestricted. We need to move to a model where such private and confidential data is treated the same way irrespective of whether it is a private individual's data on the HMRC computer or a Company Director's data at Company's House - it's the same data after all. The forthcoming changes in the Companies Act only allow the address to be withheld, so even after these changes the director's full name and date of birth will be public and can still easily be tied up with historic electoral registers before the edited versions were introduced. Simply publishing the age is also not enough since the data of birth can be deduced by querying the site once per day for a year, a task easily automated.
You reported on 3rd July, front page, that one person had accessed the name, address and phone number of another businesses' details on-line at the PAYE site. The scale of openly publishing the private details of the directors of 2 million limited companies in the UK is surely much more significant.
Company Directors are not immune from ID theft, yet the government does nothing to protect the ID of over 2 million company directors. Why not?
By Craig Cockburn, IT Professional from Scotland. Digital Transformation, Agile Management, Politics and Social change
Total Pageviews
Subscribe to:
Post Comments (Atom)
Popular Posts
-
An article on how Agile can sit alongside PRINCE2 and where DSDM Atern fits in. In 2007, I put "used an Agile/PRINCE2 development str...
-
Find me on LinkedIn https://www.linkedin.com/in/siliconglen/ Medium https://siliconglen.medium.com/ thanks Craig
-
BBC NEWS | Politics | £141m benefits computer shelved : "It is the latest in a long series of computer problems for the government....
-
Your profile indicates you have been contracting recently, therefore you will only be interested in contract work then? Incorrect. Thi...
-
The UK Government Digital Service (GDS) has just had a reboot . However will it be value for money and deliver its objectives? Will th...
-
Please visit this link . I used to run a PRINCE2 group on LinkedIn, but have now closed it (no point in duplication) Craig
-
I first promoted Demon in June 1992, the month they set up. I joined them as a customer the following year. This is the first time I have mo...
-
I typically get a lot of calls from Recruitment Agencies. Usually it's about 20-25 a week. At 5-10 mins a call plus the inevitable telep...
-
Another government IT disaster. 10 years behind schedule, the Dunblane gun register is 'unfit for purpose' . The article also mentio...
-
Having been on hold to the Orange contact centre (I guess that's what you would call it, I might call it a non-contact centre) for appro...
No comments:
Post a Comment