Thursday, 22 November 2007

The CDs of Doom: An example of utter ignorance

Yes, the data loss is being done to death, but this nugget just leapt out and bit me, via Tim Worstall:
"It has since emerged that the National Audit Office, which had asked for the CDs, had specifically requested that bank details and other sensitive data be removed from them when it asked for other copies of the Child Benefit database in March, but a senior manager refused to do so on cost grounds."
On cost grounds? Removal of certain items of data from each record (or a query only selecting the required ones)? Erm. Anyone with even the remotest knowledge of computer databases would suspect that to select a subset of fields is easy.

Any script kiddie could probably get the documentation, read up the record formats and knock up a bit of code in under an hour to sift it, and I would expect the person who got the data out could have just submitted the right query.

I wonder if this was seen as too expensive because the Manager in question asked one of their "Consultants" for a quote. Knowing them, this would entail doing a needs analysis, talking to the customer, writing a functional spec, test plan, documentation, project plan etc. etc. etc. Probably about 2 weeks' work all told at £1,200/day. Let's say £20 grand between mates (sandbagging upon sandbags).

That, or they were just angling to get some "income" to their cost centre.
