Nine staff have been sacked from their local authority jobs for snooping on personal records of celebrities and personal acquaintances held on the core database of the government’s National Identity Scheme.
They are among 34 council workers who illegally accessed the Customer Information System (CIS) database, which holds the biographical data of the population that will underpin the government’s multi-billion-pound ID card programme.
Freedom of information requests by Computer Weekly, have uncovered a string of breaches by council workers:
- Cardiff and Glasgow councils sacked staff after they looked up celebrities’ personal records
- Tonbridge and Bromley councils sacked workers for looking up their friends
- Brent sacked someone who looked at their girlfriend’s details
- A worker at Torfaen was sacked for looking at his own details
But this may just be the tip of the iceberg. Many of the breaches were discovered after sample checks, raising concerns that other breaches may gone undetected.
There have been numerous insider-abuse cases. There must be better data privacy protections. Among other things: There must be audit trails, so that there is a record of who accessed what file when; there should be random checks by outside firms as to the strength of data security protections; there should be strong penalties for any such abuse.