When TV crews went into the offices of PA
Consulting in London last week the staff looked as if they
thought they were in the midst of an armed raid.
They might have hidden under their desks if not for the security
people at PA, who showed they were in control: they put their palms
on the lenses of the TV cameras.
But the TV crews were performing a public service. A member of
PA's staff had lost a memory stick with, for instance, the names,
addresses and dates of birth of 33,000 criminals - data from the
Police National Computer. The TV crew was holding PA to account -
something the Prison Service, Whitehall and the government probably
will not.
All ministers have done is reflexively order a review of PA's
contracts - which will not have the company's executives reaching
for Prozac.
It appears that the government is hoping that by the time there
is another big data loss, the public will be desensitized to them.
Data losses are becoming a habit. Many people will not even care
that an IT manager, Andrew Chapman, bought a
server on eBay which had the details of one million people who had
given personal information to the Royal Bank of Scotland, Natwest
Bank and Amex: it is a side-effect of the technological age.
The lack of interest in IT security by the general population is
not a reason for corporate complacency. Indeed, the antidote to
organisational carelessness is a fine so large it gives companies
and their outsourcing suppliers a financial reason to be paranoid
about keeping private information private. The Financial Services
Authority has already fined Nationwide nearly £1m after a laptop
containing customer data was stolen.
It is different in the public sector. PA Consulting works for
the Home Office. So the supplier will probably be rapped over the
knuckles with a feather duster and perhaps the only change it will
be encouraged to make is to secure PA's reception area against TV
crews that do not have an invitation. So much for learning from
mistakes.