Friday, June 27, 2008

Too many SPOCs

What a sad & sorry tale is contained in the Poynter report on the loss of Child Benefit Data

.. the issue of data ownership had been discussed previously by HMRC management, it had not been resolved at the time of the data loss incident and confusion among HMRC departments as to where this ownership lay was a contributory factor in that loss

There was a general lack of awareness across HMRC Business Units, at least prior to the incident, of the importance of information security

It is clear that ... events, culminating in the provision of two compact discs ... to the NAO in March 2007, established a precedent which led to the subsequent loss in October 2007 of a similar data scan. … the data was provided to the NAO in full, even though the NAO had only requested a large sample and had attempted to get sensitive data redacted

As outlined above, EmployeeA held the overall “primary SPOC” role, but he was assisted for day to day information and meeting requests by a more junior member of staff. For clarity in recounting these events, this more junior role will subsequently be referred to as the “secondary SPOC”.


SPOC is not a term with which I am familiar. I feel a mild sense of disappointment that it stands simply for Single Point of Contact. In the context I thought it really might mean someone from outer space

I thought the Chancellor was showing the strain in his strange choice of language in his statement to the House: "the matter was not elevated to the senior civil service", but I find that phrase comes in fact directly from the report




Related posts: