Feeds

Confidential report reveals ContactPoint security fears

ICO orders much-delayed publication

Secure remote control for conventional and virtual desktops

An independent study on the previous government's controversial child protection database highlighted significant security and privacy risks.

Deloitte found significant shortcomings in the security of the ContactPoint database when it evaluated the system back in 2008. But only a summary of its report was ever published prior to May's general election despite repeated calls by the then opposition to publish the security audit in full. Attempts by the Tories and children's charities to use Freedom of Information Act requests to force the publication of the report were also rebuffed.

Now, following a change of government, the Information Commissioner has ordered the publication of the main (partially redacted) findings of Deloitte's study, which reveals that management consultants were concerned about issues including inconsistent security standards at local councils with access to the database and the insecure disposal of computers used to access the system. Auditors were concerned that kit sold on eBay or dumped might contain portions of the confidential database, the Daily Telegraph reports.

The confidential Deloitte security audit warned of significant residual security risks in running the database despite the best efforts of its architects to make the system secure.

In particular inconsistent security policies at local authorities "pose a significant risk to ContactPoint and its assets". The auditors also warned of the possibility of "information leakage" from the insecure disposal of electronic and printed records from the ContactPoint database.

The ContactPoint system was due to include the names, addresses and contact details of all 11 million under-18s in England. The child protection database was designed to provide social workers, police and hospitals with common access to contact details on children, their guardians and other professionals who might be working with a potential vulnerable child. Contact details on an estimated 52,000 at-risk children would have been shielded.

Security experts quizzed by The Reg warned that the sheer volume of data held on the database and the wide number of professionals authorised to access it made data breaches almost inevitable. Ministers gave the go-ahead for the national roll-out of the system last November.

ContactPoint was due to cost £224m to establish, with a further £44m in annual running costs. Before the election both main opposition parties pledged to scrap the system but since then the Coalition Government has delayed its closure amid speculation, denied by the government, that the system may continue in a scaled-down form.

A Department for Education spokesman told the Daily Telegraph: "One of the first actions for the department immediately after the election was to start shutting down ContactPoint.

"We are currently looking at ways of salvaging investment which went into the system and we will terminate its operation soon. We have issued advice to local authorities that no more resources should be ploughed into the system." ®

The essential guide to IT transformation

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
Detroit losing MILLIONS because it buys CHEAP BATTERIES – report
Man at hardware store was right: name brands DO last longer
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
This'll end well: US govt says car-to-car jibber-jabber will SAVE lives
Department of Transportation starts cogs turning for another wireless comms standard
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.