GOVERNMENT staff have been sending out highly sensitive data in packages that include the passwords.

The errors at the Department for Work and Pensions "defeat the purpose" of tighter security rules brought in after last year's data loss scandals, according to an internal email.

The startling admission comes in a message circulated to staff by one of the DWP's security advisers, and will provoke fresh doubts over Government systems.

Instructions issued to civil servants last December made it clear that passwords should always be sent separately from sensitive information, whether it was being transported by courier or electronically.

Last November it was disclosed that HM Revenue & Customs had lost two discs containing 25 million child benefit records in the post.

The following month the Department for Transport revealed that the details of three million candidates for the driver theory test had also gone missing.

Information Commissioner Richard Thomas has been notified of more than 60 data breaches by Government or other public sector bodies since the HMRC scandal emerged.

A DWP spokeswoman said: "We take the security of individuals' data extremely seriously.

"We have carried out a major review of procedures around the transfer of data to ensure the security of customer information.

"We expect all managers to monitor the application of our security controls and remind staff as necessary of the correct procedures."

1:27pm Friday 9th May 2008

Print

Email this