Data Protection

Now that the dust has settled on the whole missing disks fiasco I'd like to reflect on some of the outcomes.

For one I can't believe how most of the media has absolved the government (and in particular Gordon Brown) of any blame in this.

How can he be held into account for the actions of a junior civil servant?

is what they've been saying.

Well I would agree, if a junior civil servant acted inappropriately then it would be unfair to hold the Prime Minister responsible.

The trouble is I don't think the Administrative Officer (AO) did act inappropriately. I think they were doing as they were told.

They might have cocked up the postage type but unless it's a one off you shouldn't be sending confidential data through the post.
The government agency I work for has to periodically send data to the treasury. It too has to do so via posted disks. This is not only risky but it is also costly.

Consider this: If you want to get from A to B once and you could either use a £200 taxi or buy a £10,000 car then you'd hire the taxi. However if you want to regularly get from A to B then the car would end up being more economically viable.

The most expensive and risky factors in a computer system are always the people that use it and the point of input/output. The more automated you can make something, the more robust it is and the less it will cost you in the long term.

However a decision was made that instead of enabling the treasury system to automatically communicate with other government systems and vice-versa, they would do it by manually exchanging disks. This was no doubt done to save money as the set up costs for this kind of connectivity are high.

Who would have been in a position to make such important budgetary decisions in the treasury over the last few years?

Not that AO, that's for sure.