contents | business | |||||||
| Ovum on: PA Consulting’s Home Office Contract Loss Is a Lesson to All Suppliers by Tola Sargeant, principal analyst at Ovum The Home Office terminated PA Consulting's Ј1.5 million JTrack contract last week – and is reviewing all the firm's other contracts with the department – after PA lost an unencrypted memory stick with data on 84,000 prisoners. The Home Office's prompt action is a lesson to all suppliers working with sensitive government data and could have implications for other database contracts, including the National Identity Scheme. "Home Secretary Jacqui Smith announced last week that, following an inquiry into the data loss incident, PA Consulting has lost its contract for JTrack, the system used by the police and Crown Prosecution Service to track some offenders in England and Wales. Work on the three-year contract, which is believed to have been worth about Ј500,000 a year to PA, has been taken in house. The Home Office will look to recover costs from PA and is also reviewing the firm's other contracts with the department." "A report by the Information Commissioner's Office found the data was sent to PA Consulting on encrypted CD-ROMs, or by secure email, but was then transferred to an unencrypted memory stick by a PA employee in breach of the company's contract and its own security policies. The memory stick is now missing, presumed stolen." PA Consulting's prized reputation in the government sector will be hit hard "The Home Office's prompt action is to be praised – after a string of similar incidents, a zero-tolerance policy to the loss of sensitive government data is long overdue." "For PA Consulting, however, the Home Office's move is a huge blow in a sector where track record and reputation are vitally important. The firm has had its reputation tarnished by the actions of a single employee who breached the company's established information security processes." "PA will be nervous about the financial cost of the data breach. While the JTrack contract is small, the Home Office is also reviewing all PA's other contracts with the department – including the National Identity Scheme, where PA is the lead consultant and has been paid Ј100 million to provide the design, feasibility testing, business case and procurement elements to the programme. Even if other contracts are not directly affected, PA is likely to find it more difficult to convince central government departments to do business with it in the near term. This is clearly not good news for a company that derived 60% of its Ј100 million UK software and IT services (S/ITS) revenues from the public sector last fiscal year, of which over half came from central government." All suppliers to public sector should revisit their information security processes "PA's woes should be a lesson to all S/ITS suppliers handling government data. Other suppliers that have recently lost sensitive information – such as Ministry of Justice contractor EDS, which lost prison officers' details – will no doubt be feeling particularly nervous. But all S/ITS suppliers should take the opportunity to revisit their information security processes." Pressure to bring databases back in house will grow "We have seen an increase in spending on secure access projects and end-point security deployments across the public sector since HMRC lost the child benefit data. But in the longer term, the impact on S/ITS spending in the UK public sector may not be so positive. We are already hearing calls for a review of the number of databases of sensitive information that the government holds and for the handling of sensitive data to be done by civil servants rather than contractors. (This wouldn't guarantee information security but it would make accountability easier.) Unless private sector companies can restore confidence in their ability to keep such data secure, these calls will intensify. That could well mean more databases being taken in house. It would also put pressure on the government to rethink the controversial National Identity Scheme." write your comments about the article :: © 2008 Computing News :: home page |