Local authority staff sacked for ID card data breach
By Ian Dunt
Nine local authority workers have been sacked after illegally accessing personal details of the public held on the government’s national identity database.
In total, 34 council workers were found to have illegally accessed the Customer Information System (CIS) database, which is currently earmarked to form part of a linked-up network of three systems constituting the government’s national identity database.
The revelation is the result of a Freedom of Information request by Computer Weekly and includes details of Cardiff and Glasgow workers who were sacked after looking up the personal details of celebrities, and a Brent council worker sacked after searching for personal details of his girlfriend.
“It’s an appalling mess, and we’re staggered that the government has all the way through contended it’s going to be this ultra-secure database when in fact it’s just cobbling something together because it’s desperate to keep this thing going,” No2ID head Phil Booth told politics.co.uk.
“Ministers who know nothing about IT are flying the face of technical advice and the fact of what goes on.”
The CIS database stores information on 92 million people, including ethnicity and relationship history.
Around 200,000 government officials have access to the database, including staff at local authorities and various government departments.
“This is the tip of the iceberg on a system which is at the heart of the national identity scheme,” Mr Booth added.
“This yet another case of those with authorised access being the root of the problem. It’s not about external hackers. It’s actually the problem of the temptation.”
But the Home Office insisted the future national identity databse would come with tough new safeguards.
An Identity and Passport Service (IPS) spokesperson, said: “IPS will make the systems supporting the national identity service as secure as possible, building on an excellent track record with the current passport database.
“Our proposals for the development of the national identity service seek to incorporate the use of technology supporting CIS to store biographical information. However, such information would be stored separately from any information held on CIS by the Department for Work and Pensions (DWP) and protected by strict audit and access controls.
“It will be a criminal offence to make any unauthorised disclosure of information and our security arrangements will also be subject to the independent scrutiny of both the information commissioner and a new identity commissioner.”