Wednesday, November 21, 2007

Technical Notes #1 - Personal Data

CDs
How NuLab Sees You
OK, it's just 24 billion one day and a mere 25 million the next, but you couldn't say that life in the treasury team is exactly dull at the moment.

IT is boring. I earn my living from it, and at times it is a good living, but there is precious little joy in it. I can't get excited by the Wintel v Mac v Linux kind of debates that crop up from time to time on blogs and the like, and to be honest I could probably make a good argument on any given side of that sort of thing that I was dumped on. I write this on an amazingly good value Wintel laptop, I'm amazed by the 'bang for bucks' I can get out of the linuxy hosting platform I do the Facebook stuff on for £50 a year, and Apple stuff, at the very least, looks as if it deserves a place in design museums around the world from the moment it is released. I like it all, I hate it all.

I normally steer well clear of the whole subject unless I get 'tired and emotional'. For all of that, I think to most people with experience of large 'customer' (and the term was used in the Commons about those on HMCE's systems even if it sounds a bit perverse - surely HMCE is the customer) databases there must be several points in Darling's explanation of the whole affair that must sound shocking.

My own company holds copies of databases, some with several million records of individuals that are used to help respectable companies develop and maintain their systems. It is more likely than not that anybody reading this article would appear on one of them. Ask me which though and I could not tell you, because, before they were given to me, any piece of information that could possibly identify you was removed. No addresses, everyone lives at 'A Street, B Town, C County, XX1 1XX' and you are called 'M/s Customer XXXXXX', your date of birth is the '01/01/1900' and your National Insurance Number is 'AB123456C'. Even this is only handed over after a debate over the necessity of such a handover and the terms under which I received this copy would be clearly defined and make me contractually obliged to treat even this obfuscated data with the same respect as if I was an employee of the company who legitimately hold the original version.
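The kind of obfuscation described above, sketched as an added example (not the author's code or any customer's process): identifying fields are overwritten with the placeholder values quoted in the post, and a second pass checks that nothing identifying survives elsewhere in the record. The field names, the sample record, the simplified NI number and postcode patterns, and the `drop` parameter are all assumptions made for this example.

```python
import re

# Placeholder values quoted in the post.
PLACEHOLDERS = {
    "name": "M/s Customer XXXXXX",
    "address": "A Street, B Town, C County, XX1 1XX",
    "date_of_birth": "01/01/1900",
    "ni_number": "AB123456C",
}
# Simplified UK formats (assumption of this example, not full validation rules).
NINO_RE = re.compile(r"\b[A-Z]{2}\d{6}[A-D]\b")
POSTCODE_RE = re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]?\s?\d[A-Z]{2}\b")

# Constructed sample record; the free-text note repeats two identifiers.
SAMPLE = {
    "customer_id": 1001,
    "name": "Jane Example",
    "address": "1 Sample Road, Testtown, ZZ9 9ZZ",
    "date_of_birth": "14/02/1970",
    "ni_number": "QQ123456C",
    "balance": "120.50",
    "notes": "Caller confirmed NI number QQ123456C; moved from ZZ9 9ZZ",
}

def mask_record(record, drop=()):
    """Copy the record, overwrite identifying fields, remove fields named in drop."""
    masked = {k: v for k, v in record.items() if k not in drop}
    for field, value in PLACEHOLDERS.items():
        if field in masked:
            masked[field] = value
    return masked

def residual_identifiers(original, masked):
    """Return sorted (field, value) pairs in masked that still look identifying."""
    allowed = set(PLACEHOLDERS.values())
    known = {str(original[f]) for f in PLACEHOLDERS if original.get(f)}
    leaks = set()
    for field, value in masked.items():
        text = str(value)
        if text in allowed:
            continue
        for pattern in (NINO_RE, POSTCODE_RE):
            leaks.update((field, hit) for hit in pattern.findall(text))
        leaks.update((field, k) for k in known if k in text)
    return sorted(leaks)

if __name__ == "__main__":
    print(residual_identifiers(SAMPLE, mask_record(SAMPLE)))
    print(residual_identifiers(SAMPLE, mask_record(SAMPLE, drop=("notes",))))
```

Masking the named columns alone leaves the NI number and postcode sitting in the free-text note; dropping that field before handover clears the check.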

I could not bypass this. Systems such as those I work on, let alone those overpriced government solutions, do not have, as a rule, a menu option that says 'copy all customer data to 2 CDs'. The hypothetical junior civil servant at whose door the fault for the latest fiasco can supposedly be laid would have had to have asked for specialist help to produce this data extract. If I went looking for such an extract with my own customers, the relevant person would have said 'you must be joking'. This is not surprising, I'm only an external consultant, but they would have refused to do it for almost any in-house employee, and, especially in the case of FSA regulated companies, would not even have done it for a director of that company without formal written approval. Even the most junior of database administrators in most companies these days have awareness of the sensitivity of personal data, and have specific authorities granted to refuse to perform certain tasks, even from those whose nominal seniority far exceeds their own.

I encounter this on a daily basis, because it breeds a culture where even much more reasonable requests routinely cause a lot more hassle than they really merit. Fundamentally though, the attitude that gives rise to this kind of irritation also ensures that what happened, apparently so easily, within civil service circles, would be much less likely to occur in large, but not national government scale bodies.

I cannot construct any remotely reasonable scenario in my own mind where the single 'junior civil servant' is anything other than a politically convenient myth, and that there is a bigger problem in terms of the culture surrounding the handling of personal data than even Darling could admit in his humiliating admissions today. While it might superficially sound like something from the pointy tinfoil hat brigade, I cannot really imagine that there would be anything less than half a dozen people responsible directly for this failing. I do not cry 'conspiracy' but rather point to an institutional mindset that would allow these events to happen and, from that cultural failing, Darling and, perhaps technically in this case, his junior ministers cannot maintain the distance that they currently desperately seek.

I honestly don't know which is the case, but there was little in today's revelations that inspired confidence. Darling waffled on about how he was 'concerned' that all 25 million records were transferred to the auditors when, as he implied, they couldn't possibly audit more than a dozen or so individual cases, which stands in stark contrast to the actual request for anonymized data, which suggests a wholly different kind of higher level statistical analysis.

There is, at least, some more than cold comfort in the whole debacle. I will at least know that the line of 'nothing to hide, nothing to fear' next time I argue about the merits or otherwise of ID cards and the National Identity Register can only come from a certifiable imbecile. The case for proceeding with this scheme is now not so much dead, as hung, drawn and quartered, and burnt on the brazier afterwards for good measure.

It would be the act of a fool to trundle on down the path we find ourselves on in this regard and while, it is true, it would appear that we have just such a fool occupying Number 10, the sounds of his fragile coalition on this measure disintegrating are music to my ears.
