note for any future court action – this is purely imaginary, I am not really planning to kill anyone now or in the future<\/em>)<\/p>\nThere are so many things wrong with this it is hard to know where to start.<\/p>\n
This person is paid to be a security manager. They are not a child protection professional. They are there to manage the security of the information that the public have entrusted to the council. Nothing else. If their job description means they have to ensure that vulnerable persons are safe in their homes, then I suspect there is something seriously wrong going on.<\/p>\n
As a public servant, this “senior manager” is paid by the public, who you would rightly assume should have some expectation of his behaviour. Unless we’ve moved into some weird world where the vulnerable pay more for their services he has no right to unilaterally assume what laws he will follow and what laws he will break. He has no right or authority to compromise my privacy and personal data because he thinks<\/em> that doing so 100,000 times might save one vulnerable person.<\/p>\nEqually this “manager” (sneer quotes intended) has no way of knowing if he is placing the safety of vulnerable people in further danger. Privacy laws and restrictions on how your personal data can be handled are there to protect everyone. Yes this includes criminals but it also includes vulnerable people. If this senior manager feels sending a copy of the addresses of everyone “at risk” to an agency across town would be helpful sharing of their data, what would he do if it got lost? What is his defence if his information security failures allow a predator to get the details of the vulnerable people he seeks to protect?<\/p>\n
Equally importantly, what about those who only become vulnerable because of his lackadaisical attitude? This idea that passing private information and personal data is inherently a GOODTHING\u2122\u00a9 is insane. An otherwise fine person who has their home address details passed into the hands of a criminal becomes a vulnerable person. They have, through no fault of their own, become open to a vastly different threat – one they may not be prepared for. Is this acceptable behaviour for public servants? Imagine a serial rapist who gets hold of modified electoral roll data indicating addresses (and telephone numbers) of every house in the area where a single female lives. Would you be happy with the response that he would rather be in court over an Infosec case?<\/p>\n
I suspect the real problem is that privacy and information security statutes don’t have enough teeth. If this senior manager was facing 20 years in jail for an infosec compromise, I am sure he would think differently. As it stands, nothing he does will get him properly punished in a court of law, so he must be talking about the court of public opinion. This is, sadly, so seriously misled by the tabloids that it is easy to see he would be hounded to the brink of suicide if it turned out he had withheld data that might<\/em> have possibly<\/em> prevented the death of a child. In a similar manner, if it turned out he had lost a disk containing the personal details of 250,000 people it would get, maybe, a few column inches.<\/p>\nTo an extent this is our fault. We want easy to digest news. We ignore the mights and possibilities in the first instance, so we can get to the meat of saving the child. In the second case, its too technical, too distant and probably doesn’t affect “us” so we don’t really care about it. We, the public, are stupid.<\/p>\n