UK civil servants routinely snoop on citizens' private financial and health information

Disclosures made by the UK Department of Work and Pensions in response Freedom of Information requests show that over 1,000 civil servants illegally snooped on private citizens' data over a 13-month period. A separate disclosure from the Department of Health showed over 150 illegal breaches in the same period. As Zack Whittaker points out in a piece on ZDNet, these are the same civil servants who will havvess to unlimited amounts of sensitive personal information if the government's plan to require mandatory snooping on all Internet traffic goes through. Who needs crooks breaking into government databases when you've got civil servants stomping through them with impunity?

Between April 2010 and March 2011, 513 civil servants were found to have made “unauthorised disclosures of official, sensitive, private and/or personal information”. The year continuing, between April 2011 and January 2012, more than 460 staff were disciplined.

The DoH on the other hand said it did not log each and every breach of unlawful access to U.K. medical records. It did say there were 158 recorded breaches in 2011. Only four years earlier, there were only 28 cases, representing a fivefold increase.

The FOI requests were made by Channel 4’s investigative series, Dispatches.

UK government staff caught snooping on citizen data (via /.)


  1. > The year continuing, between April 2011 and January 2012, more than 460 staff were disciplined.

    Does that mean there won’t be any prosecutions?

  2. It’s tough to get this right. The main problem is that data is such an ephemeral concept, that moral and ethical culture just hasn’t caught up with the challenges.
    If I see an envelope addressed to you, and thereby learn your address, is that wrong? Presumably not, especially if I couldn’t help noticing it. What about if I actively seek it out on a publicly accessible website? Starts to get a bit creepy perhaps, but certainly not illegal, and I might have a really good reason for wanting to find out. If I’m entrusted with a database and I look at a record I have no business to view, then surely that is wrong, but then it becomes less about the data and more about the process required to access it. I’m pretty sure most people think “what’s the harm?”, and problems stem from there. Our brains are wired to find gossip interesting, as a means of controlling the “freeloader” problem that plagues co-operative eco-systems, so intrinsically we’re just not well suited to deal with this.
    We are entrusted with a lot of data at my company, and I always think the best approach is just not to take it whenever possible. I tell staff to treat data as toxic and something best avoided. Once you do take it, then it becomes really hard to control all the aspects associated with proper usage.
    So I’d apply the same lesson to the government. Do they really really need the data? If not, best off not to take it. Then they wouldn’t have the problem in the first place.

  3. @onepieceman:disqus  – no it’s not tough to get right, the clue is in the word “unauthorised”.Still it’s not as if the useless Information Commisioner’s Office is actually going to fine anyone – that’s not his job /sarcasm off.

Comments are closed.