A lot of stuff I read about privacy incidents leaves me scratching my head in wonder. In thinking about the staggering number of privacy breaches coming out of governments (Canadian, US, UK, etc.), I wonder:
- Are we hearing about all these incidents because employees who handle personal information for governments are idiots?
- Are we hearing about all these incidents because governments are more likely to come clean when bad things happen?
- Are we hearing about all these incidents because citizens are more likely to go to the media?
- Are we hearing about all these incidents because governments handle such vast quantities of personal information, but statistically are no more likely -- per capita / per employee / per whatever -- to mishandle personal information?
I am thinking that it probably isn't #2.
The latest is from the UK. An employee of the Revenue & Customs sent CDs of unencrypted personal information about almost every child and parent in the UK via regular internal mail. The CDs never reached their destination. The minister responsible has admitted that this has occurred on multiple occasions. When are governments going to learn?