No wonder T&R wants a cover-up
Saturday 7th June 2008, 10:01AM BST.
THERE is a particular irony not lost on islanders that the department that used to be run by the man now urging the Policy Council to embrace a freedom of information policy is refusing to release its own investigations into the States web site security breach it had allowed to happen.
That’s the problem – or benefit, depending on whether you are the taxpayer funding the bungling or the official trying to cover it up – of internal investigations into embarrassing mistakes: the department controls the information.
Fortunately for islanders, they have an independent data protection commissioner and he was able to say without being gagged that, yes, there had been a breach, the vulnerability was of kindergarten simplicity to access and, in any event, the department had been warned about it but failed to deal with the problem.
Oh, he might as well have added, don’t try to blame it on the whistle-blower because the lapse by Treasury and Resource’s own information technology unit was severe and could have been much worse bar some very good fortune.
The reason T&R won’t release its own report – entertainingly entitled Lessons Learnt, although islanders are not privileged enough to know what they are – is because it would expose to scrutiny the many and juvenile failings of the ITU.
It is possible to deduce that because of what T&R has been gracious enough to release: the recommendations arising from having learned lessons. On the basis that these have to be put in place to plug procedural gaps, it is a fascinating list of what the ITU ‘experts’ have been failing to do. This includes stress-testing the security of all States websites, especially after having made big changes to them, and taking down redundant sites.
It also emerges that the States has not been encrypting third-party personal data on laptops or removable media, an astonishing lapse after the UK’s experiences.
The States has a unit specifically to deal with these very matters yet it is found wanting at a very basic level and taxpayers are now being asked to employ an information security officer to plug the gaps that should not exist in the first place.
No wonder T&R wants to hide its shortcomings.
Campaigns
Voice For Victims
Voice for Victims is a campaign aimed at promoting the rights of those affected by child sexual abuse.
This is Guernsey
Guernsey Press
A hard hitting Opinion and so it should be.
Well said the Press for your comment on Peter Harris’s report “Oh, he might as well have added, don’t try to blame it on the whistle-blower because the lapse by Treasury and Resource’s own information technology unit was severe and could have been much worse bar some very good fortune”
The title of the report “Lessons Learnt” seems to be something of an oxymoron, as the twits who were responsible for the security of our information seem incapable of managing even the most basic security and compound this by the arrogant ignoring of warnings.
What is clear is that if the Press had not arranged the security experiment the likelihood is that the security lapses would still be there.
Then question is “How can we trust the ITU people with our data?”
Silly. stupidly titled. and secret reports hardly inspires confidence in the department not in politicians who weeks ago were promising open government.
Report abuse