http://www.computing.co.uk/computing/news/2216315/dwp-sending-sensitive-passwords
By Tom Young
Computing
09 May 2008
Government staff in the Department of Work and Pensions (DWP) have been
sending out sensitive data in packages containing passwords that provide
access to the information.
An internal email to DWP staff outlining the poor security practices was
leaked to influential political blog Dizzy Thinks.
"Staff are... forwarding the data and password on together, which
defeats the purpose of the security measure entirely," the email reads.
After HM Revenue and Customs lost the details of 25 million families
last year, civil servants were told all information sent between
departments had to be password protected with passwords sent separately.
"We have carried out a major review of procedures around the transfer of
data to ensure the security of customer information. We expect all
managers to monitor the application of our security controls and ensure
that the correct action is taken in all cases," said a spokesman for the
DWP.
Received on Mon May 12 03:24:08 2008