The Wardman Wire

Was the breakdown that gave rise to the data loss at the systematic (i.e., something in the organisation), or incidental (i.e., something in the “Junior Functionary” concerned).

The former has dire consequences for the people who created the organisation, up to and including Gordon Brown who made the decision to merge the Inland Revenue and Customs and Excise.

The latter has dire consequences for the “Junior Civil Servant”.

From the BBC

On Wednesday, Prime Minister Gordon Brown apologised for the data loss but said it was down to officials not following the rules rather than “systemic” failures at HMRC caused by budget cuts.

Any systems auditor or designer (or programme manager worth his wages) will tell you that “officials not following the rules” is precisely a symptom of systemic failures. Relying on “x didn’t follow procedure” is an indication that something in the environment is not right. And when it has happened multiple times with “fixes” applied each time, and assurances that it is “sorted out”, that should raise warning signals and give very grave cause for concern.

Failure in Which System?

The question is whether it is a failure in:

• The policy and political systems which should keep political initiatives in tune with what is practical.
• The value system that underlies the business (e.g., how important is data security).
• The cultural system that sets the overall approach in accordance with those values.
• The business system that implements the approach and defines how the organisation operates.
• The IT Systems that manifest the business system in IT terms.
• The security system, that should have been incorporated into all the above.
• The training system that inculcates all this into the employees.
• The communication system that makes sure that all of these are kept in the organisation’s attention.
• The auditing system, that should make sure that all the above remain in place.

All of these need to be functional, and there exist national and international standards for most of those.

Even if those standards are implemented (and it’s all about using standard methods as a way of reducing risk), it is all still dependent on the integrity and value system of every individual in the organisation (e.g., “I believe that selling confidential data is wrong”) - and that is crucially dependent on each individual believing that their contribution is valued.

The key question, then:

Where was the cause of the breakdown, and what caused that to arise?

That question needs to be followed back - like St Thomas Aquinas looking for God - to the First Cause.

Will an enquiry or three do that?

My opinion

All systems in an organisation are under stress at times of rapid change, and especially at times of redundancy and insecurity.

My feeling is that this is an incidental failure as a result of systemic problems, that probably go back to the badly managed and too hasty programme to combine the Inland Revenue and The Customs and Excise.

The point that concerns me most is that the enquiries are being limited to “inside” the NAO and HMRC:

Giving his reaction, the Information Commissioner, Richard Thomas, said: “This is an extremely serious and disturbing security breach.”

Mr Thomas welcomed the Chancellor’s announcement of an independent review of the incident by Kieran Poynter of PricewaterhouseCoopers and said he would decide on further action once he has received the report.

“Searching questions need to be answered about systems, procedures and human error inside both HMRC and NAO,” said Mr Thomas.

That remit is not wide enough, but the Information Commissioner may not be allowed to state the fact.

That is a political threat to Mr Brown, but it also a threat to the approach used by both major parties of seeking to drive too much change at root level by shaking the tree from the top and demanding results now.

That last point is one that needs to be taken on board by everyone. And I’m not convinced anyone will go beyond committing to it at a presentational level.

Tags: child benefit data loss, alistair darling, gordon brown

[tags]child benefit data loss, alistair darling, gordon brown[/tags]