PogoWasRight.org

Menu
  • About
  • Privacy
Menu

Youth Justice MIS takes small interim steps to protect youth data

Posted on October 6, 2010 by pogowasright.org

I’ve occasionally blogged about databases concerning UK youth.  One of the problematic ones is a database of those considered youthful offenders.  The Information Commissioner’s Office (ICO) has been speaking with the Youth Justice Board (YJB) over the administration of the Youth Justice Management Information System (Youth Justice MIS), as the database not only contains a great amount of sensitive information, but there seem to be a lot of people who can access the information, which is always cause for concern.

In the current issue of the bulletin on their site, the YJB discusses its most recent meeting with the ICO:

…. It was agreed that the YJB needed to continue collecting ‘mandatory’ data items in order for them to meet their statutory obligations under s41 of the Crime and Disorder Act 1998. However, the ICO’s view that data contained within the Youth Justice MIS should be considered as ‘personal’ data for the purposes of the Data Protection Act 1998 had not changed and the YJB recognises that the data should be treated accordingly.

[….]

As an interim measure, the YJB has commissioned technical changes that will result in key non-mandatory data items being removed from the core dataset available to Youth Justice MIS users.

Note that the data are not being removed from the database but are merely being removed from what is most widely available to users.  As a temporary measure, it will also temporarily remove the date of birth from what is available to most users of the system, even though date of birth is a mandatory piece of information that they collect.

In addition, the YJB will restrict user access to view this data, so only those users with a need to know will have access to sensitive personal data.

Which is as it should always have been.

These changes to how data is shared will be applied retrospectively to all data currently held within the Youth Justice MIS and to any new data uploaded. This should immediately address the concerns raised around personal data items held in Youth Justice MIS and mitigate any potential legal threats that YOTs may face from third parties.

Ah yes, let’s protect our own from litigation.

As a separate activity, the YJB is going to undertake an audit of inactive accounts, with the view to deactivating redundant user accounts.

Again, why hasn’t this already been part of their procedures? Have we not seen more than enough evidence of employees and others snooping into databases that contain sensitive information? Tiered access controls, auditing access on a regular basis, and removing data that does not need to be made available are all sound data protection policies. It’s a shame that it’s taking pressure from advocacy groups and the ICO to get YJB to do what seems somewhat obvious to do.    I expect that the ICO and advocacy groups will keep pressure on them to move as quickly as possible to harden their privacy and security controls.

Of course,  what the YJMIS proposes are interim steps.  In the interim, though, youth’s sensitive data continues to remain at risk of snooping or exposure.

Category: Non-U.S.

Post navigation

← UK ICO announces views on EU data protection law
Give us the encryption key so we can find evidence against you →

Now more than ever

Search

Contact Me

Email: info@pogowasright.org

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • ARC sells airline ticket records to ICE and others
  • Clothing Retailer, Todd Snyder, Inc., Settles CPPA Allegations Regarding California Consumer Privacy Act Violations
  • US Customs and Border Protection Plans to Photograph Everyone Exiting the US by Car
  • Google agrees to pay Texas $1.4 billion data privacy settlement
  • The App Store Freedom Act Compromises User Privacy To Punish Big Tech
  • Florida bill requiring encryption backdoors for social media accounts has failed
  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim

RSS Recent Posts on DataBreaches.net

  • Department of Justice says Berkeley Research Group data breach may have exposed information on diocesan sex abuse survivors
  • Masimo Manufacturing Facilities Hit by Cyberattack
  • Education giant Pearson hit by cyberattack exposing customer data
  • Star Health hacker claims sending bullets, threats to top executives: Reports
  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
©2025 PogoWasRight.org. All rights reserved.
Menu
  • About
  • Privacy