Information Commisioner's Office decline Scouts' database investigation

The Information Commissioner’s Office has said that it has no plans to investigate the issue regarding a reportedly unsecure database of personal details of members of the Scouts.

According to The Register, the Scout Association’s database holds the contact details of 450,000 young people and volunteer adults, and a Scout leader contacted The Register to express concerns that the Compass database is not secure, despite the organisation’s assurances it had been tested. The system has been in development for two years and went live in September.

It has been reported that users could change details such as date of birth of other members, and previously the system’s search functionality had to be modified after members reported that a basic records search yielded too much information.

A spokesman from the association said the safety and security of everyone associated with the movement is always paramount. They said: “We have engaged highly regarded contractors and security experts to ensure that we comply with data protection legislation and keep our data safe. We regularly check the security of our systems by using specialists in this field.”

A statement from the ICO said that given the amount of information available and the Scouts latest response that that the database remains secure, it had no plans to investigate this issue at this time.

“If someone is concerned about The Scouts handling of their information they should raise their concerns with the organisation in the first instance,” it said. “If they believe their concerns have not been addressed and they have evidence to show a breach may have occurred then they can bring the details to our office.”

Jon Baines, chair of the National Association of Data Protection Officers (NADPO), said: “The issues raised by the whistleblower sound concerning, and if the system has been in development for two years it is difficult to understand how such an apparently fundamental security flaw was overlooked.

“NADPO, as an affinity group for those working in the field of data protection, offers members current news and views on the subject, and gives them the opportunity to attend events and network. We feel that membership is one of the best ways to stay current and in touch with key people and developments.”

The post ICO says Scouts investigation is unlikely appeared first on IT Security Guru.