Jump to content
Manx Forums - A Discussion Board & Classifieds for the Isle of Man

Government monitoring FOI requests?

360 View

By 360 View
in Local News

 Share

Recommended Posts

360 View Enthusiast

360 View

Posted
Posted

So someone’s been snooping in the FOI system now have they? Are they that paranoid?

https://www.gov.im/news/2023/jun/15/low-level-foi-breach-addressed/

But it’s OK, we can rest easy - “The Office of Cyber Security and Information Assurance has confirmed that no personal information has been viewed by any individual outside of the public service or transferred outside of the Government network.” - that makes it perfectly acceptable then does it?

These people must live in a parallel universe. Can you imagine nosing around in a system out of idle curiosity being OK anywhere other than in IOMG? In the private sector you would be marched off the premises FFS. 

  • Haha 1
  • Confused 1
Link to comment
Share on other sites
  • Replies 94
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Roger Mexico
Roger Mexico

If you read that statement he's issued in reply to the OCSIA press release, he's past that and is already sharpening his teeth.  That's what gets me about that press release, it was so completely

Roger Mexico
Roger Mexico

There's a handful, as well as the LAs and Manx Radio, CURA and the FiU don't seem to be there. There's one paragraph I missed before which may be very significant: The Commissioner’s investi

Non-Believer
Non-Believer

Most of them are up to their necks in it as well, as Departmental members, I reckon their public contributions will be few and far between. The long favoured policy of staying Schtum and hoping it goe

Posted Images

The Voice of Reason Grand Master

The Voice of Reason

Posted
Posted
10 hours ago, 360 View said:

Can you imagine nosing around in a system out of idle curiosity being OK anywhere other than in IOMG? 

Well the notice doesn’t say it’s OK to nose around. 

I can imagine  anyone working in the public service in any jurisdiction having a nose if the system allowed it. 
I’m sure these type of access rights ( until they were closed off) are not unique to the IOM.

I also would believe that public service people have a provision in their employment contracts regarding the confidentiality of information obtained in the course of their employment. This would apply whether or not there was a legitimate reason for them to access such information.

Link to comment
Share on other sites
english zloty Mentor

english zloty

Posted
Posted

https://www.manxradio.com/news/isle-of-man-news/foi-data-breaches-prompt-investigation-into-cabinet-office/

ramped up a bit now. that's one hell of a bored worker - good job they're senior so a) setting an example b) using public funds wisely

sacking i hope (or secret pay off) whichever is the most likely

Link to comment
Share on other sites
Gladys Grand Master

Gladys

Posted
Posted
3 minutes ago, english zloty said:

https://www.manxradio.com/news/isle-of-man-news/foi-data-breaches-prompt-investigation-into-cabinet-office/

ramped up a bit now. that's one hell of a bored worker - good job they're senior so a) setting an example b) using public funds wisely

sacking i hope (or secret pay off) whichever is the most likely

Unless it was thought to be legitimate within Cabinet Office to monitor FOI requests across government and the unintended consequence was a data breach because they misunderstood the rules.  But the IC will investigate, and from what I have seen, he pulls no punches. 

  • Like 2
Link to comment
Share on other sites
Two-lane Grand Master

Two-lane

Posted
Posted

"accessed personal data in the system used to record and manage Freedom of Information requests."

My bold - and may be just journalistic phrasing.

"nor is it known why the breaches went undetected by the system administrator.  "

Hmmm.... It is not like me to jump to conclusions about people in the Cabinet Office.

  • Haha 1
Link to comment
Share on other sites
Gladys Grand Master

Gladys

Posted
Posted
1 minute ago, Two-lane said:

The Cabinet Office can monitor FoI requests in the same way that you do, and that does not require any breach of any regulation

Maybe, but perhaps that was not understood and that is not good or excusable.  Not excusing it, but just offering a possible reason other than personal nosiness. 

Link to comment
Share on other sites
Two-lane Grand Master

Two-lane

Posted
Posted
10 minutes ago, Gladys said:

Maybe, but perhaps that was not understood and that is not good or excusable.  Not excusing it, but just offering a possible reason other than personal nosiness. 

Bloody hell, Gladys. You are so even-handed you could probably see the good side of Atilla The Hun. 1,200 data accesses across 20 departments in one year is a great deal of nosiness in office time.

And, by the way, not knowing the rules is not an excuse - as the judiciary tends to say.

  • Like 1
Link to comment
Share on other sites
Gladys Grand Master

Gladys

Posted
Posted
Just now, Two-lane said:

Bloody hell, Gladys. You are so even-handed you could probably see the good side of Atilla The Hun. 1,200 data accesses across 20 departments in one year is a great deal of nosiness in office time.

And, by the way, not knowing the rules is not an excuse - as the judiciary tends to say.

Unless, as I say, they thought it was legitimate to monitor FOIs across the whole of government.  It is interesting that it was just one person, which makes me think that they thought it was part of their job, or they were asked to do it. 

Not knowing the rules is no excuse at all, which is exactly what I have said.  But to jump to the conclusion that it was pure nosiness, perhaps, isn't justified, yet, perhaps. 

  • Thanks 1
Link to comment
Share on other sites
Roger Mexico Grand Master

Roger Mexico

Posted
Posted

It's quite astonishing behaviour.   The original press release was put out by the Office of Cyber Security and Information Assurance, which is part of Cabinet Office and was designed to reassure everyone that there was nothing to worry about.  The Information Commissioner is not impressed:

Whilst the news item published on 15 June 2023 would appear to be premature, presumptive and potentially prejudicial to the ongoing investigations, the Commissioner considers it is necessary to confirm that, between 1 April 2022 and 22 March 2023, the senior officer accessed the personal data contained in over 540 FOI requests, made to 20 separate public authorities, on more than 1200 occasions.

So one of the more clued-up public authorities noticed that their FoI Requests had effectively been hacked and reported it to the IC for investigation.  When this started the Cabinet Office decided to declare that it was all trivial and that we shouldn't be bothered that there had been "access by an individual from a public authority with administration rights to information requests submitted to other public authorities".  Who the IC now tells us was "a senior officer in Cabinet Office", oddly enough a fact omitted from the press release.  But that tells us that those who are worried can be reassured by contacting OCSIA.  Who are part of the Cabinet Office.  And it won't happen in future because the only people who will be able to access the data will be OCSIA

The numbers also tell us that this isn't just casual curiosity or people accidentally straying into the wrong part of a system.  This is systematic monitoring of personal data to which there shouldn't be access, by someone who clearly has it as part of their job.  The Cabinet Office clearly thinks it should monitoring those awkward customers who ask inconvenient questions.  More personal and confidential information may also be involved - not all FoI requests are published, especially those that relate to individuals.

  • Like 2
Link to comment
Share on other sites
finlo Grand Master

finlo

Posted
Posted
2 minutes ago, Roger Mexico said:

It's quite astonishing behaviour.   The original press release was put out by the Office of Cyber Security and Information Assurance, which is part of Cabinet Office and was designed to reassure everyone that there was nothing to worry about.  The Information Commissioner is not impressed:

Whilst the news item published on 15 June 2023 would appear to be premature, presumptive and potentially prejudicial to the ongoing investigations, the Commissioner considers it is necessary to confirm that, between 1 April 2022 and 22 March 2023, the senior officer accessed the personal data contained in over 540 FOI requests, made to 20 separate public authorities, on more than 1200 occasions.

So one of the more clued-up public authorities noticed that their FoI Requests had effectively been hacked and reported it to the IC for investigation.  When this started the Cabinet Office decided to declare that it was all trivial and that we shouldn't be bothered that there had been "access by an individual from a public authority with administration rights to information requests submitted to other public authorities".  Who the IC now tells us was "a senior officer in Cabinet Office", oddly enough a fact omitted from the press release.  But that tells us that those who are worried can be reassured by contacting OCSIA.  Who are part of the Cabinet Office.  And it won't happen in future because the only people who will be able to access the data will be OCSIA

The numbers also tell us that this isn't just casual curiosity or people accidentally straying into the wrong part of a system.  This is systematic monitoring of personal data to which there shouldn't be access, by someone who clearly has it as part of their job.  The Cabinet Office clearly thinks it should monitoring those awkward customers who ask inconvenient questions.  More personal and confidential information may also be involved - not all FoI requests are published, especially those that relate to individuals.

Collating a 'hit list' so to speak.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...