UK Gov staff caught spying on public database

Hundreds of staff across the public sector have been caught illegally snooping on a government database that stores personal data about everyone in the UK.

The Customer Information System (CIS), a central resource of the Department for Work and Pensions (DWP), holds 90 million records about members of the British public - making it one of the largest databases in Europe.

Freedom of Information (FoI) requests made by UK technology mag Computer Weekly have revealed a catalogue of abuses since the CIS was opened up to other government departments in 2005. Around 200,000 public sector workers have regular access to the database.

The magazine obtained e-mails exchanged between IT staff at the DWP and the Ministry of Justice (MoJ) which lay bare the extent of the database's security shortcomings. Security breaches generated automatic alerts, but no system was in place to follow up on these warnings.

The emails revealed that the MoJ caught HM Courts Service staff prying into personal data held on the CIS on 23 occasions.

The first time the DWP attempted to warn the MoJ about a security breach was on 29 April 2008 - three years after Courts Service staff were given access.

The DWP also caught 124 local authority staff breaching security on the CIS during the year to April 2010.

In total, 180 users are known to have peeked at personal data about - or on behalf of - relatives, friends, celebrities or themselves. At least 35 public sector employees are known to have been sacked over the breaches.

The CIS was to have formed the backbone of the now-abandoned National Identity Card scheme.