About CommentOnThis.com
This is a site designed to make it easier to take the core of large published reports and allow anyone to comment on them.
More...
34. Also, the number of staff who will be able to see the whole of a person's identity record or make changes to it will be limited and fully security vetted. For any such access by staff there will be rigorous auditing, alerts and a range of technical controls to guard against internal misuse of, or fraudulent changes to, the NIR.
Comments:
NO 'member of staff' should have the ability to see the whole of my record!
That there is any role within the system which can access complete records is a fundamental design flaw - and it *will* be exploited. As is access to the PNC, DVLA, and every other government-run database. They have learnt nothing :(
Assume just for a minute that I *can* prove who I am to a sufficiently high level of assurance. It should be ME who 'unlocks' each field for view and/or adjustment by a member of staff, not vice versa.
That some low-paid spod at UK IPS has total control over your personal data, when you won't, should send chills down your spine...
Criminal penalties after the fact (assuming they even catch people) is of no use to the victim, whose whole life could have been compromised.
I think Phil is again right.
Who are these officials who can see the whole record - what sort of job title in what sort of organisation?
Also I'd start to feel better about these people if there was a degree of honesty about the extent to which there have already been "corrupt insider" problems, and how this is going to be differernt in future.
