A database that will be a central part of the ID card scheme has suffered more than 30 breaches.
In a memo by the Department of Work and Pensions, the Customer Information System (CIS) has apparently been repeatedly accessed by local authority staff, whom it claims are ‘committing serious security breaches'.
The memo stated: “To be absolutely clear, and by way of reminder to all local authority users accessing CIS, users should not access their own records or the records of friends, relatives, partners, or acquaintances, make enquiries on behalf of colleagues in respect of their friends, relatives, partners, or acquaintances, share their system, Government Gateway or other identity password with their colleagues or access CIS for any unauthorised purpose.”
It claimed that the Local Authority Support Team will provide support to local authorities conducting investigations, and can provide audit trails showing the full access history of those under suspicion.
It also warned that anyone found to be abusing the CIS may face sanctions ranging from disciplinary action to prosecution.
The CIS is designed to give local authorities access to citizens' data, including HMRC tax-credit information. It was decided in 2006 that the ID card project would use CIS for biographical information, to avoid having to create a new database of the UK population.
A statement claimed that the fact the breaches were detected proved that CIS security measures were working. It said: “The bulletin included a reminder for local authority staff of the penalties for inappropriate accessing of customer information. This is an indication of how seriously the department and local authorities take data security.”