What Price Privacy?
Under the 'Freedom Of Information Act' the UK Government has been forced to reveal that hundreds of civil servants have "snooped" on British citizens' private data.
As if we didn't already have to worry about hackers illegally accessing government systems, it turns out that our civil servants are more likely to access your data illegally.
The U.K. government is failing to secure data from medical records to social security details, and even criminal records, according to figures obtained by Channel 4 program 'Dispatches' through use of Freedom of Information requests.
Almost 1,000 civil servants working for the Dept for Work & Pensions (DWP) were disciplined for accessing personal social security records. The Department for Health (DoH), which stores all UK medical records, had more than 150 breaches during a 13 month period.
Only a fortnight ago the Queen formally announced that the UK government will be monitoring all Web & email traffic, and will log all landline, mobile phone, and Skype calls - so Big Brother really will be watching - and listening to you!
Who is to say that the data gathered won't be illegally accessed or abused - we have had a lot of revelations about Newspapers hacking into sensitive data over several years, so what are the prospects for any privacy in future?
The DWP has a database of around 100 million people, rather more than the current UK population - presumably including details of people now deceased. Some 200,000 civil servants have been vetted to extremely high standards before they can access this database - yet there are still breaches by staff.
Figures show that from April 2010 to March 2011, 513 civil servants made "unauthorised disclosures of official, sensitive, private or personal information". Between April 2011 and January 2012, more than 460 staff were disciplined over such breaches.
The DoH revealed that it did not log each & every breach of unlawful access to UK medical records, but admitted to 158 recorded breaches in 2011. Four years earlier, there were only 28 cases, so that represents a five-fold increase!
Out of the hundreds of thousands of employees in both departments, these numbers represent only a fraction of the total staff, so not all are untrustworthy. However as we know, it took only one person to leak more than 250,000 US diplomatic cables to WikiLeaks in the largest single unauthorized release of classified data in the history of the United States.
Under the Data Protection Act, it is a criminal offense to obtain or disclose personal data without prior permission. The penalties for such criminal offenses go up to £5,000 ($7,900) in a Magistrates court, or an unlimited fine in the Crown courts. Identity Theft is big business now and really ought to be punished in the same scale as robbery.
British politicians have called for extreme data breaches to result in
prison sentences, something dismissed by other parliamentary committee
members, so there is some hope of tightening of the penalties.
One Scottish local authority was fined £140,000 ($220,000) recently for five separate data breaches, which is the highest fine imposed by the courts to date.
It seems that the financial benefits from selling personal data are rarely outweighed by the fines or penalties imposed!
New legislation proposed by the European government would require a data breach, whether by an individual deliberately acting outside the law, or accidentally due to unforeseen events, to be reported to the person for which that data relates.
Those laws are at least two or three years away, so until then companies & public sector organizations will face minor fines compared to the 1 million euro flat rate or 2% of their annual global turnover. Meantime we should ask ourselves just whom is listening to intimate conversations we had always assumed were private!
GCHQ, Cheltenham UK
Our GCHQ center already monitors a huge amount of data flowing through the UK networks, a mixed blessing since that allows them to track would be terrorists.
Further data security concerns must be raised by the move to Cloud computing - the potential for data stored in cloud systems to be hacked is still questionable.
Of course the typical UK citizen is entitled to
feel concerned - and should be legally entitled to know when his data
has been misused. I think it reasonable that we regard these people as
'victims' just as much as those who were hacked by criminals or
journalists, etc. And if compensation is due to them, who pays the
price? It should be the perpetrator, but will probably be the tax payer
Some information used in this post was sourced from ZDNet's Between the Lines under the headline "UK government staff caught snooping on citizen data."