HMRC - further comment

I suspect that the England soccer team losing their vital match against Croatia last night was a pre-planned conspiracy to give us something else to talk about other than the HMRC fiasco/scandal/failure/disaster. Or perhaps the loss can be blamed on the fact that half the team have children and so their minds were probably on the consequences of their child benefit data being open to compromise.

There’s enough ranting going on elsewhere and I’m sure there are also lots of “timely reminders” about the importance of security being sent around many organisations today.

Let’s keep in mind that this incident is a result of failures across each of the three major components of information security governance: people, process, and technology.

In The Times this morning, somebody on the letters page writes that what “alarms me the most is the knowledge that a junior official had access to the data.” That fact shouldn’t be an issue if the junior official is correctly trained and supervised, knows the importance of the data being handled, and is aware of the consequences of getting things wrong.

If this incident results in the spotlight being shone more closely on information security governance across every organisation that holds private data – including my own – then bring it on.