Feeds

Ombudsman slams DWP, HMRC data dumbnesses

Catalogue of system snafus savaged

Top three mobile application threats

Parliamentary Ombudsman Ann Abraham today slammed bungling government departments for a series of systemic failures that left one of their clients distressed, fearful and out of pocket.

Further upholding charges of maladministration and injustice against the departments involved, Ms Abraham warned that unless government bodies get their act together, the public may lose their trust in them altogether.

According to her report, A breach of confidence, at some point in 2006 one of the three departments involved – HM Revenue & Customs, the Child Support Agency (now the Child Maintenance and Enforcement Commission, aka CMEC) and the Department for Work and Pensions – incorrectly updated records relating to a Ms M so as to show her living at her former partner’s address, even though she had never done so.

When Ms M tried to find out why this had happened and to obtain assurances that her records had been corrected, she was passed from one agency to the next, with each in turn denying responsibility. The matter eventually reached the Ombudsman via Ms M’s MP.

The Ombudsman today expressed three key concerns. First, that the network of computer systems used by the three departments could make changes to Ms M’s personal data without her knowledge or consent, yet no audit trail exists allowing them to pinpoint the source of any errors.

Second, she objected to a culture of buck-passing, which meant each agency blamed the other, and each taking the view that since the mistake was made by "the system" there was nothing they could do. None would accept responsibility for what had happened until the Ombudsman became involved.

Third, and most significant, the handling of this complaint showed that even if the computer systems were talking to one another, the agencies were not.

Launching today’s report, the Ombudsman said: "There is an important warning here for all public bodies. The lessons from Mrs M’s experience and my investigation are not only about information sharing.

"Public bodies need to learn to get their administration right, to be customer-focused, be open and accountable and to work together to put things right when mistakes occur.

"Unless all this happens, public bodies run the risk of making other people feel the way Ms M told me she feels: that she will never be able to trust a government agency again."

In a joint statement issued on behalf of all three departments concerned, a spokesman for CMEC told us: "We are very sorry for any distress caused to this customer. Due to our statutory duty of taxpayer confidentiality we can’t comment on this individual case, but this is an unusual and rare case and we have taken immediate steps to prevent this happening again.

"We have accepted all the recommendations contained in the Ombudsman’s report and are working together to make sure they are implemented."

The report's recommendations include an apology for Ms M, £2,000 compensation and an assurance that her details have been checked on every database owned by the three agencies involved.

In addition, the three agencies, in discussion with the Cabinet Office, have agreed to put in place a customer-focused protocol to deal with complaints of this kind.

The Ombudsman has also taken the significant step of recommending that the Cabinet Office takes steps to ensure that lessons are learnt from Ms M’s experience and that appropriate guidance is disseminated to all government departments.

We did ask the CMEC spokesman what precise steps had been taken to prevent a recurrence of this sort of incident, but have not yet received a response.

Professor Merlin Stone, Head of Research at the Customer Framework, specialists in customer and customer information management, told the Reg today: "After years of being pressured to improve the quality of their customer data management processes, most private sector companies have got their act together.

"The same cannot be said of the public sector, whose lapses are many and serious. The Government should realise that massive IT projects are not the way to solve this problem, and are more likely to compound errors. Policies, processes and people hold the answer." ®

Bootnote

We were much impressed by the valiant efforts of the various press offices involved to provide a dramatic re-enactment of Ms M’s experience, in terms of buck-passing and confused communication. We first contacted the DWP, who explained that it wasn’t them and we should talk to CMEC.

They in turn were keen to point out it wasn’t only them involved – and had we spoken to HMRC, who they thought were sorting out a common statement? Or the DWP? We tried the DWP again, who promised to get back to us.

Instead we got a government statement via CMEC, and a call explaining to us what we must have said to have caused the DWP to misunderstand our request in the first place...

Bootnote

CMEC did get in touch after this story was filed. We're still none the wiser on what additional steps they have taken.

SANS - Survey on application security programs

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Whoever you vote for, Google gets in
Report uncovers giant octopus squid of lobbying influence
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.