DWP sending sensitive data with passwords
Email indicates that security measures introduced after HMRC breach are not working
Government staff in the Department of Work and Pensions (DWP) have been sending out sensitive data in packages containing passwords that provide access to the information.
An internal email to DWP staff outlining the poor security practices was leaked to influential political blog Dizzy Thinks.
"Staff are… forwarding the data and password on together, which defeats the purpose of the security measure entirely," the email reads.
After HM Revenue and Customs lost the details of 25 million families last year, civil servants were told all information sent between departments had to be password protected with passwords sent separately.
"We have carried out a major review of procedures around the transfer of data to ensure the security of customer information. We expect all managers to monitor the application of our security controls and ensure that the correct action is taken in all cases," said a spokesman for the DWP.
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503
