Wednesday, 10 September 2008

Home Office fires PA Consulting

If 22nd August was not a good day for PA Consulting – See PA Consulting in the news for all the wrong reasons – then today was even worse. Just in time for the lunchtime news bulletins, it was announced by Home Secretary Jacqui Smith that PA Consulting will lose the £1.5m, 3 year deal with the Home Office after it mislaid a computer memory stick containing the names, addresses and expected release dates The release said:

All PA Consulting's contracts with the Home Office - worth £8m a year – “will be reviewed, along with those signed with other firms”.
The Cabinet Office will also launch a review of all contracts signed by the Government with private companies to ensure they are "appropriate", Jacqui Smith added.
"Our investigation has demonstrated that while the information was transmitted in an appropriately secure way to PA Consulting and fed to a secure site, it was subsequently downloaded on to an insecure data stick and that data stick was then lost."
Cancelling the contract will not cost the taxpayer and any expenses incurred will have to be met by PA Consulting, she added.

Apart from the very serious effect that this will have on PA Consulting – its reputation, finances and possible future order book – this tough action will send shockwaves through the head offices of other IT services players with big HM Government contracts. Indeed, I’d love to be a fly-on-the-wall at EDS right now as they have been involved in not too dissimilar data losses in the past.
But, at the end of the day, HM Government can hardly fire all its IT suppliers.

The initial view might be that these data losses are basic, simple human error. something akin to a Cabinet Minister leaving papers on a train. I don't really buy that. IT advances have made it possible to put gigabytes of data on a cheap and easily mis-placable memory stick. But IT advances have also meant that encrypition and other basic security should be the norm.

But, let's not be too ‘holier-than-thou’ either. How easy would it really be for an employee in your company to take important data from your computer systems? I’ve witnessed many examples of employees leaving with full contact and customer lists and copies of research.

No comments: