Quick note on government access to personal data

13 January 2015

We seem to be talking about banning any encryption that can’t be overcome by the government again. It doesn’t sound like a good idea for pretty much the same reasons that lots of other people are talking about. See in particular Charles Stross’ post.

I’m just noting something that anyone involved regularly in employment issues knows. Employees do, occasionally, misuse their access to sensitive information. That’s why organisations like the NHS and the DWP have data access policies. And why, from time to time, they use them to discipline employees who they feel have gone wrong. It’s exactly the same in the private sector (because human nature doesn’t fundamentally change depending on who you work for).

The problem doesn’t have to be a rogue employee who’s acting maliciously. People overstep the mark for all sorts of reasons. Sometimes its a blunder. Sometimes they think they’re doing the right thing or being helpful. Sometimes they’re just curious and don’t see any harm. Sometimes they misunderstand their instructions from management. Sometimes they’re bad people or greedy people.

Employees are not infallible. And even the best training, written policies and so on can’t make them so.

blog comments powered by Disqus