ICO To Investigate Civil Service Data Breach Claims

An investigation by Channel 4’s Dispatches has uncovered widespread breaches of privacy rules at the Department of Work and Pensions (DWP) and Department of Health (DoH).

The programme has discovered that around 25 civil servants at DWP receive a formal warning each week for inappropriately accessing personal details. The number of similar incidents at DoH is around 13 per month.

The Information Commissioner’s Office (ICO) has contacted the producers of the programme, and will investigate the allegations, which could be classified as criminal offences under the Data Protection Act.

Civil disservice

The programme “Watching the Detectives”, which investigated illegal trade in personal information, revealed that almost 1,000 DWP staff were disciplined in a 10-month period from April 2011 to January 2012 for unlawfully or inappropriately accessing social security records. This information was obtained from the government under the Freedom of Information Act.

The DWP database is thought to be the largest of its kind in Europe, and holds the records of 98 million people, which can be accessed by 200,000 employees of the department and other government agencies.

A spokesman for the DWP said that officials “would not hesitate” to act if any staff had accessed information through inappropriate methods and had improved staff awareness of data protection.

Additionally, over the past year there were at least 13 cases per month of unlawful access to medical records reported to the DoH. Although the DoH does not collect details of all cases of unlawful access, it admitted there had been 158 reported incidents throughout last year.

“Medical records are private and any abuse of their confidentiality is deplorable. Individuals have a right to know that their personal information is protected,” said a spokesman for the DoH.

“The NHS takes protecting individual privacy extremely seriously and if any member of staff is discovered intentionally breaching this, they will be subject to appropriate disciplinary action,” he added.

“We are aware of the allegations made by the Channel 4 programme Dispatches which are, if correct, extremely concerning to the ICO,” a spokesman for the watchdog told TechWeekEurope.

“We are currently making enquiries and will be speaking to the programme makers to obtain the information they have uncovered and investigate whether there have been any breaches of the Data Protection Act. “

“The blagging of personal information is a criminal offence under section 55 of the Act and we will take action where it is clear that an individual has been actively involved in this illegal practice,” he concluded.

Can you look after your personal data online? Take our quiz!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

View Comments

  • The Channel 4 investigation into how private detectives are obtaining and selling highly sensitive personal information exposes dangerous loopholes in the way data protection laws are applied. While clearly there are legal matters to be considered here, this investigation suggests that there needs to be a root and branch review of how identity and access management is enforced within many public agencies and government departments. Whether through blagging or other means, better systems need to be in place to predict and spot unusual patterns of access to sensitive personal data entrusted into the State by citizens.

    Real time access risk intelligence and automated enforcement of security standards and data protection policies can improve risk visibility and help organisations better control who is accessing sensitive information, how it is being used and when. This, coupled with strict security guidelines, will ensure that inappropriate use of personal data can be easily prevented.

    • Dear Sir,

      News that the ICO is to investigate civil service data breach claims following Channel 4’s Dispatches investigation highlights a much greater issue which many organisations are facing.

      Our own research has shown that 42 per cent of professionals regularly compromise data security, not out of malice as often portrayed in the media, but in the want of an easier life. People of all seniority levels within organisations regularly break IT rules and regulations on a daily basis causing serious concerns for the organisation around data security and access to privileged data.

      Employees are often positioned as ‘intentional rule-breakers' which is largely inaccurate as many aren't aware of the tight restrictions around accessing and sharing data inside and outside the organisation. Most of the time they are thinking about how to get the job done in the quickest way possible and without considering the importance of the information which they have been granted access to.

      This is just one example where more needs to be done to not only ensure that the appropriate identity and access management measures are in place, but to also educate employees on the importance of data security.

      Kevin Norlin
      Vice President & General Manager, Quest Software

  • The Hull Dwp are using electronic movement detection from house to house, it's operated in a dwelling close to another and they try to monitor movement inside the
    targeted house. 19 Lambwath Road is the location and a simple scanner used outside will instantly detect it.

    The dwp now occupy hundreds of social housing properties in order to spy on benefit
    claimers and they will try to set them up as Fraudsters in order to obtain bonuses
    amounting to thousands of pounds, new cars, sunny holidays etc etc. Simply put it to
    the test, ask them and all will be revealed!

  • I think it's happening to our family ,a white van arrived at a house across the street and some black box affair was carried in. my son is a Ham operator and he thinks it's a RF system of thru the wall radar and he cat race signals back to a room in the dwp spy house.

    we're not sure what's going on but we have read about this sort of stuff and dwp spy cars with poppies on the grill and this one had wheel trims missing. somebody seems to know all about dwp vehicles and where they work from.
    I'm afraid if they think they can get away with it, we have decided to enter the house and sort themout.!

    Manchester dwp watch your step

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

9 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

11 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

13 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

13 hours ago