Data security rules breached at DWP

Last Modified: 09 May 2008
Source: PA News

Government staff have been sending out highly sensitive data in packages that include the passwords, it was revealed.

The errors at the Department for Work and Pensions "defeat the purpose" of tighter security rules brought in after last year's data loss scandals, according to an internal email.

The startling admission comes in a message circulated to staff by one of the DWP's security advisers, and will provoke fresh doubts over Government systems.

Instructions issued to civil servants last December made it clear that passwords should always be sent separately from sensitive information, whether it was being transported by courier or electronically.

But the email, leaked to internet blog Dizzy Thinks, warns: "I have been advised of instances where password protected data has been sent out with the password being sent separately as detailed in Security Notice 02/07.

"However, once the data and the separate password are received, staff are then forwarding the data and password on together. This defeats the purpose of the security measure entirely.

"Could I ask you to remind staff of the heightened security surrounding data transfer and ensure that data and passwords are sent separately."

Last November it was disclosed that HM Revenue & Customs had lost two discs containing 25 million child benefit records in the post.

The following month the Department for Transport revealed that the details of three million candidates for the driver theory test had also gone missing.

Information Commissioner Richard Thomas has been notified of more than 60 data breaches by Government or other public sector bodies since the HMRC scandal emerged.

These news feeds are provided by an independent third party and Channel 4 is not responsible or liable to you for the same.