More than 200 public sector staff caught snooping on citizen records

The number of public sector workers caught snooping on personal records in the government's largest citizen database continues to grow, with the total now 225 - and the true figure could be higher still.

The number of public sector workers caught snooping on personal records in the government's largest citizen database continues to grow, with the total now 225 - and the true figure could be higher still.

Yet another employee has been sacked for accessing records on the Department for Work and Pensions (DWP) Customer Information System (CIS), which holds the personal details of almost everyone in the country. With more than 90 million records, it is thought to be the largest public sector database in Europe.

The latest addition to the growing number of staff caught snooping comes from the Northern Ireland Department for Social Development (DSDNI), which said in answer to a Freedom of Information request that it had disciplined 45 people for viewing personal records in the DWP CIS database since January 2007.

Some 225 government staff are now known to have abused their right to access CIS in their job. Workers at numerous local authorities and courts have been disciplined for looking up the personal details of people - usually celebrities or acquaintances - when they had no business justification for doing so.

The figure may be much higher as only some of the departments which have been given access to the DWP CIS have supplied figures. HM Revenue & Customs (HMRC) has consistently refused to reveal how many of its staff have abused their CIS access rights.

The DSDNI said it sacked someone in May 2008 who had spent 10 months peeking at personal records of family, friends and colleagues. It discovered another staffer had been looking up neighbours, friends and family for nearly two years - their disciplinary process is ongoing.

Three other DSDNI employees left before the department had finished disciplining them. It disciplined 13 people for repeatedly looking up personal data belonging to friends, family and colleagues. One was caught looking up a "relative of an acquaintance". The department has so far this year caught 16 people abusing their right to access the DWP database when administering social security payments.

Phil Booth, national organiser of the No2ID campaign group, said the data breaches carried a heightened risk in Northern Ireland, where leaked information could be used by sectarian thugs.

The DWP said, "We have robust and appropriate safeguards to monitor access to the system, which have been proven to catch those staff who do not have a legitimate business reason to access CIS data. All breaches of CIS are taken extremely seriously and in-depth reviews are undertaken to determine if improvements to access monitoring are required."

The DWP had planned to turn CIS into a data sharing system for the whole of government but cancelled the project, called CISx, after three years. It proved too costly and complex to fulfil the project's objective of allowing other departments to make their own contributions to the database.

CIS will still be rolled out as part of a wider data-sharing scheme this year called Employee Authentication Services, a cross-government project being led by the Department for Children, Schools and Families.

The DWP refused to answer any questions about the cancelled data sharing system. The department's press office said it would only divulge information requested under Freedom of Information law.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT legislation and regulation

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.