back to article HMRC manual on data protection was protected data

HMRC restricted details of its security procedures to senior officials, it has emerged, just weeks after the department pilloried a junior official for loading the UK’s child benefit database onto CDs which were then lost. The department had a detailed manual covering procedures for handling the benefits database and other …

COMMENTS

This topic is closed for new posts.
  1. BoldMan

    Typical!

    Oh its about security therefore we must make it secret!

    This obsession with security guidelines and documents is pointless if the morons just ignore the rules anyway and tell the office junior to send the disks anyway.

    Some of these managers need to be exposed and fired, otherwise any investigation is nothing more than wasting MORE taxpayers money.

  2. Peter Fielden-Weston
    Stop

    HMRC Manual

    "But a spokeswoman for the department said there were several sets of procedures within the department."

    Yes -

    There was one in the Directors safe.

    The Confidential Documents office had one in its safe.

    The Assistant Undersecretary had one in his safe.

    As did the Undersecretary in his safe.

    The Permanent Secretaries Political Adviser had one. She doesn't have a safe, but she doesn't work in the same building as they do (or the same city actually) so that doesn't matter.

    The Security Office also had one, but they lost theirs. The Security Office are looking into the loss.

  3. Pete mcQuail
    Black Helicopters

    But.....

    ....surely the information that the procedures are restricted must also be covered by a security restriction.

  4. Steve
    Joke

    I can just hear Sir Humphrey now...

    "But, Minister, the manual was far too sensitive to be made available to everyone - just think of the embarassment if our manual on security procedures was leaked due to lax security procedures!"

    Hehehe...

  5. The Other Steve

    Yes Minister.

    That is all.

  6. Omer Ozen

    Repeat after me

    Security through obscurity does not work!

  7. Anonymous Coward
    Anonymous Coward

    ...restricted to civil servants only.

    From the language in the rest of the article I assume you mean *senior* civil servants? Even junior staff are still civil servants.

  8. TeeCee Gold badge

    I give up.

    Every time we try to take the piss out of these beggars they go and trump us with real world examples.

    I'd suggest that this was all caused by poor advice from the Permanent Secretary's closest advisor, an imaginary pink giraffe called Cyril, but it'd probably turn out to be true.....

  9. Slaine
    Black Helicopters

    in keeping with this new practice...

    ... the next general election will be performed by marking an "X" in a box beside the numbers 1-6. No reference will be made to which lizard... oops sorry, political party, each of the numbers 1-6 relate to until after the votes have been cast and counted. This move is intended to reduce the number of "spoiled" papers.

  10. Mark
    Pirate

    Dark age numb nuts.

    The upper levels of HMRC really are a bunch of numb nuts living in the dark ages. The public are not evil gods who demand that some token sacrifice of a poor office scapegoat will satifiy our desire to see someone punished for their terrible, incompetent sins.

    I feel sorry for the poor sacrificial goat they picked on. I can just see them being led into the slaughter office...

    HMRC toff: "Bob, you were the one who sent out those discs which were then lost."

    Scapegoat: "But you ordered me to do it Sir!"

    HMRC toff starts booming: "Ha, I care not. May you be slayed by the purest of P45's, stripped of pension rights by meerly days of remaining service and liberally oiled ready for penetration. Oh public of Britian. I offer you this fresh sacrificial scapegoat as payment for our terrible sins. Mahahahaha!"....

  11. Jonathon Green
    Stop

    @ Anonymous Coward

    "From the language in the rest of the article I assume you mean *senior* civil servants? Even junior staff are still civil servants."

    Not necessarily. Anyone junior enough to actually be doing something will almost certainly have been outsourced/privatised/whatever...

    --

    Jonathon

  12. Martin

    Office Junior

    So, how come a mere "office Junior" and seemingly all and sundry have sufficient access rights to dump it all to CD anyway.?

  13. Bronek Kozicki

    @Martin

    surely the explanation is that personal details of 25mln people are much less sensitive than HRCM security procedures. Or so HRCM bosses believe. I wonder if these procedures can be made public under freedom of information act - that would teach them.

  14. Rich Bee

    Scapegoat.

    @Mark.

    There were two goats the one that was slaughtered and the one that was set free. The one set free was the scapegoat (eSCAPE GOAT).

    So from this you understand that the scapegoat is not sacrificed or slaughtered.

    Sorry for being pedantic.

  15. Anonymous Coward
    Anonymous Coward

    HMRC manual

    This comes as no surprise to me. For the past 7 months I have been trying to get the HM manual of protective security from the cabinet office under FOI rules. This is the document that outlines the rules surrounding confidential/secret etc government documents.

    Apparently it might not be in the public interest to release it. Can't have people call them on why things are confidential I guess...

  16. frank denton
    Thumb Up

    Muppetry, pure and simple

    I don't think I've ever heard such a tale of muppetry in all my life. It beggars belief that these people actually exist and can be in positions of power over the rest of us.

    Now I know why there isn't a law against being stupid, it's so they don't have to lock themselves up.

  17. Mike Moyle
    Happy

    @ Mark

    You missed one detail:

    "HMRC toff, >> his face set in a firm 237-D (Righteous Indignation at a Subordinate's Attempt to Pass the Buck Upwards, tinged with Religious Ecstasy*)<< starts booming: "Ha, I care not. May you be slayed by the purest of P45's, stripped of pension rights by meerly days of remaining service and liberally oiled ready for penetration. Oh public of Britian. I offer you this fresh sacrificial scapegoat as payment for our terrible sins. Mahahahaha!"....

    (* Thank you, Keith Laumer, wherever you are.)

  18. Keith T

    To Rich

    "The scapegoat was a goat that was driven off into the wilderness as part of the ceremonies of Yom Kippur, the Day of Atonement, in Judaism during the times of the Temple in Jerusalem. The rite is described in Leviticus 16.

    en.wikipedia.org/wiki/Scapegoat"

    The scape goat is indeed the goat punished for the sins of others.

  19. yeah, right.

    obvious really.

    The security standards were kept in the basement, in a locked cabinet, in a room marked "Beware of Tiger".

    Meanwhile, the actual work instructions are stored in an office on Betelgeuse. Which is only fair as it's obvious the people in charge aren't really on this planet at all.

  20. Anonymous Coward
    Flame

    "Question Time"

    Did anyone see "Question Time" the other night ?

    Near the end of the programme, the case of "the lost CDs" was mentioned as an example of Government incompetence.

    At which, a well-known expert on factual reporting - Mr Piers Morgan - proclaimed it was not "a Government problem", as it was "well known that it was the fault of two people in the post department..."

    .

    .

    I'm not sure which is worse:

    That the man could sit there and spout such drivel with a straight face...

    Or that no-one in the studio was either willing or able to correct him...

    .

    .

    ,

    "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled"

    Richard Feynman

    Rogers' Commission Report into the Challenger Crash Appendix F - Personal Observations on Reliability of Shuttle (June 1986)

  21. Andy Worth

    Common Sense

    But personally I see it as common sense not to send millions of peoples personal records by post, regardless of security procedure. If anyone asked me to do it, I'd be seriously questioning the procedure.

  22. Mr Larrington
    Dead Vulture

    Gagh!

    Not even the BOFH's The Boss could be *this* dim :-(

  23. Rob
    Coat

    @TeeCee

    "...an imaginary pink giraffe called Cyril..."

    I think you'll find that Cyril is the only competent one working there, but when this happened he was on holiday, so blantantly not his fault.

  24. Anonymous Coward
    Happy

    @ yeah, right

    Surely you mean a sign saying "beware of the leopard" ?

  25. Anonymous Coward
    Black Helicopters

    The proper term is "protectively marked"

    That document comes normally as part of a full set from the CESG library, and is issued (as far as I recall) annually or when updates occur in any of the docs. It's quite comprehensive, but the fact that it is protectively marked is quite a pain because it imposes some storage requirements if you want to do it right.

    Having said that, it's not super secret AFAIK and anyone who has signed the Official Secrets Acts (OSA) should IMHO be able to see at least that part, or maybe there's a way in which CESG can create an extract for junior servants to read. Maybe they have, I unsubscribed from it years ago so my knowledge may be a bit dated.

    There is, however, a snag with this library which may explain why it's not that well read.

    It's distributed ..

    .. on CD :-).

  26. John Dougald McCallum
    Boffin

    Official (SECRET)Data handling Manual

    Rember it is on an Oficial File so it is an Official Scecret.So therfore not to be divulged to any one that actualy needs to use it:p

This topic is closed for new posts.