back to article ISA report reveals email security lapse

The Independent Safeguarding Authority's first annual report reveals that it sent an email with confidential data to the wrong address. The incident, which occurred in the organisation's first full year of operation, was followed by an investigation which concluded that the lapse was due to human error rather than procedural …

COMMENTS

This topic is closed for new posts.
  1. Gordon Pryra
    WTF?

    human error rather than procedural failures,

    What a crock

    A procedure that allows humans to fail, fails

    They should have their nuts crushed

  2. Graham Marsden
    FAIL

    "the lapse was due to human error..."

    "... rather than procedural failures."

    General Buck Turgidson: "Well I don't think it's quite fair to condemn a whole program because of a single slip up" - From Doctor Strangelove (or How I Learned to Stop Worrying and Love the Bomb)

  3. Anonymous Coward
    FAIL

    Get your facts right about Soham

    Ian Huntley did NOT work at the school of the girls he murdered. His girlfriend worked at the school and that's how he came to know them. Therefore, the fact that he was a school caretaker matters not one bit. This error just helps to propagate anti-paedophile hysteria. I expect better of the Register.

    As for the ISA's little 'oops', that's just typical. Wait until they lose the entire database. Any day now...

  4. Anonymous Coward
    Grenade

    Insane

    > it sent an email with confidential data to the wrong address.

    There are 3 problems here:

    1) They send confidential data by unencrypted e-mail. Anyone could read it in transit.

    2) They send confidential data by e-mail. If you get into the habit of doing this, it's predictable that someone will eventually mistype the e-mail address.

    3) They mistyped the e-mail address

    > an investigation which concluded that the lapse was due to human error rather than procedural failures

    If your procedure involves "human types in e-mail address and gets it right 100% of the time", then your procedures are broken. No-one is perfect, a screwup is inevitable. However, a whitewash "investigation" that blames it all on some minimum-wage clerk is much better than a real investigation that points out the procedure chosen by management is wrong.

  5. Sarah Bee (Written by Reg staff)

    Re: Get your facts right about Soham

    I don't see where the article says Huntley worked at the girls' school. Besides, it's a syndicated article.

  6. GilbertFilbert
    FAIL

    You can't make this up

    Damn, I should have placed that bet on how long it would take.

    Option request: Allow users to select multiple icons in the same response

  7. John Smith 19 Gold badge
    Joke

    on the bright side

    I don't think the government email system allows GB size attachments, like the whole database.

  8. Anonymous Coward
    Anonymous Coward

    Stasi all over again

    "From 1 November 2010 it will be mandatory for all people taking new jobs or changing jobs in relevant roles to be registered with the ISA."

    And ISA forwards them, "by accident", of course, to employers and police archives.

    Yet another layer of Stasi-type of action.

    Like commenters earlier said, any, supposedly "safe" , procedure which uses hand-written e-mail addressess, is broken by definition.

This topic is closed for new posts.

Other stories you might like