As part of its move to provide Internet access to all of its 70,000 workers, the Revenue is currently integrating its disparate security policies into a single document, and warning staff that it monitors Internet use. But it needs also to re-evaluate the sanctions it has at its disposal. At present, it appears that the Revenue's policy is to prosecute only in cases where an employee has manipulated friends' and relatives' records. For all other crimes, the very worst punishment for computer misuse is sacking.
How can it be right that a person in breach of the Data Protection and the Official Secrets Acts can hold on to their position despite serious computer misuse? Of course, resorting to prosecution raises the spectre of adverse publicity; yet it is only through transparency and appropriate punishment that the Revenue can ever hope to achieve anything approaching watertight security.
Government employees have privileged access to data the public is forced by law to yield. Our trust in the edifice of the information society will evaporate unless we see that this privilege is not being abused.