It seems that some local authority employees have been using the Department for Work and Pensions’ Customer Information System to carry out their own private research. Not that it appears to be a big deal – the following security notice is tucked away in a regular DWP bulletin:
Security notice – CIS access to HMRC and DWP data
LAs access customer information through DWP’s CIS. From July 2008 this has included access to Her Majesty’s Revenue and Customs’ (HMRC) tax credit data. Desktop access to CIS has helped to significantly improve service delivery to customers. However, DWP and HMRC customer information is shared with LAs on the understanding that only authorised access is permitted.
DWP’s Local Authority Support Team (LAST) carries out checks on a sample of system-generated Test Checks, which LAs have conducted. In addition, DWP and HMRC interrogate CIS to carry out independent data matches and checks of accesses made by both LA and DWP staff.
These checks are carried out to provide assurance to DWP and HMRC that accesses to CIS are appropriate and that information obtained is used correctly.
Regrettably checks have identified some LA staff are committing serious security breaches.
To be absolutely clear, and by way of reminder to all LA users accessing CIS, users should not
• access their own records or the records of friends, relatives, partners, or acquaintances
• make enquiries on behalf of colleagues in respect of their friends, relatives, partners, or acquaintances
• share their system, Government Gateway or other identity password with their colleagues
• access CIS for any unauthorised purpose
Not very reassuring at all, is it?