Here we go again...
A few days ago the ScotlandsPeople website (https://www.scotlandspeople.gov.uk) was at the centre of a small media storm when it was revealed that it was possible to identify the birth names of adopted children from the platform, a situation that the National Records of Scotland sought quickly to address by completely removing the birth records of those potentially affected. You can read more about that at http://scottishgenes.blogspot.com/2023/08/scotlandspeople-provided-access-to.html. The indexes to the records were available because of the NRS's statutory obligation to provide access to its information, but this was in conflict with the courts' requirement to seal the records of adoption cases to protect the identities of those involved. How the NRS can fulfil its obligations in going forward is currently being reviewed.
But as a genealogy records platform, just how secure is the ScotlandsPeople website itself? Brace yourself...
Last November, the contents of the entire ScotlandsPeople platform were inadvertently made freely accessible online for a short period by the NRS, as discovered by my Scottish Genealogy Network colleague Fergus Smith, who runs the Old Scottish platfom at www.oldscottish.com. This followed the fairly shambolic upgrade to the ScotlandsPeople platform in advance of the 1921 census release, which caused carnage to the site's functionality, and to the various ScotlandsPeople access centres across the country, and which took a few weeks to resolve (see http://scottishgenes.blogspot.com/2022/11/users-report-problems-with.html, http://scottishgenes.blogspot.com/2022/11/problems-with-records-access-at.html, and http://scottishgenes.blogspot.com/2022/12/scotlandspeople-omnishambles-continues.html).
Fergus has now explained what happened to the BBC, which you can read about at https://www.bbc.co.uk/news/uk-scotland-66523032. (There may also be a feature about it on Reporting Scotland today; if so, I will update and provide a link.)
I've been aware of this incident for some time, and there was an expectation that the NRS would have reported it to the Information Commissioner. However, according to the NRS, "Following an urgent review, it was concluded that only one customer had accessed images in this way. This incident did not meet the threshold for reporting as a personal data breach to the Information Commissioner's Office."
Fergus quite unwittingly found himself in a situation where he realised he could access every single birth, marriage and death record for Scotland - including those which cannot be seen on the site in normal times due to the closure periods in place for online privacy reasons - and quite properly he immediately informed the NRS. For the NRS to somehow try to maintain that this was somehow not serious because "only one customer" had picked up on it is a truly appalling defence, and perhaps illustrative once again of the ongoing contempt that the NRS leadership shows to its user base, the taxpayers on whose behalf, as a government agency, the NRS is supposed to be responsible to.
As an accredited archive, the NRS should perhaps strive to take its data responsibilities a bit more seriously than it does. If that "only one customer" had been someone intent on causing malicious actions, the consequences could have been appalling.
Hopefully it will make sure that no such occurrence happens again.
(With thanks to Fergus Smith)
Chris
Order Tracing Your Belfast Ancestors in the UK at https://bit.ly/BelfastAncestors. Also available - Tracing Your Irish Ancestors Through Land Records, Sharing Your Family History Online, Tracing Your Scottish Family History on the Internet, Tracing Your Irish Family History on the Internet (2nd ed), and Tracing Your Scottish Ancestry Through Church and State Records - to purchase, please visit https://bit.ly/ChrisPatonPSbooks. For purchase in tthe USA visit https://www.penandswordbooks.com. Further news published daily on The Scottish GENES Facebook page, on Threads at @scottishgenesblog and via Mastodon at https://mastodon.scot/@ScottishGENES.
No comments:
Post a Comment