Council staff breach national ID system

 

Gallery

By Stewart Mitchell

Posted on 26 Feb 2009 at 12:55

Local authority staff are making "serious security breaches" of the Department of Works and Pensions' Customer Information System (CIS), official documents show.

According to an internal DWP bulletin, "since August 2006, 33 local authority staff have been confirmed as accessing records without business justification. They were all 'view only' accesses of an individual's CIS account where there was no business justification for the access".

The breaches have caused concern because the CIS is expected to host the details of tens of millions of Britons once the National Identity Scheme is in place and already contains the details of UK residents with National Insurance numbers and holds more than 70 million records.

In a thinly-veiled warning to all local authority staff, the DWP reminded workers that they were being tracked and future breaches could result in prosecutions.

"The bulletin included a reminder for local authority staff of the penalties for inappropriate accessing of customer information," a DWP spokesperson told PC Pro. "This is an indication of how seriously the department and local authorities take data security."

The bulletin says: "Users should not access their own records or the records of friends, relatives, partners, or acquaintances or make enquiries on behalf of colleagues in respect of their friends, relatives, partners, or acquaintances."

Despite the security scare, the DWP tried to paint the breaches in a positive light, suggesting the fact that the intrusions were uncovered shows the system is working.

"The control systems actively manage and report attempts at unauthorised or inappropriate access," the spokesperson says, without giving details of how the system distinguishes between valid and invalid access to files.