You cannot spend any time in the Palace of Westminster without being aware of the deep dissatisfaction that MPs have with IPSA, the Independent Parliamentary Standards Authority.
So I am somewhat surprised that there has not been more fuss about the fact that the Information Commissioner has reprimanded IPSA for a security breach just before the summer recess when MPs’ personal information – including banking details and home telephone numbers – were at risk for 21 hours.
According to ITPro:
“A data breach at the Independent Parliamentary Standards Authority (IPSA) led to MP’s information being placed at risk, including banking details and home telephone numbers.
The breach occurred on 13 July following IT maintenance on an MP expenses database, allowing people with an expenses account and their clerks to access the information.
The security loophole was left open for 21 hours and the Information Commissioner’s Office (ICO) has ordered the IPSA to take steps to ensure such a breach does not occur again.
“This case highlights how any work carried out on a database must be subject to rigorous security testing before being re-launched,” said Mick Gorrill, head of enforcement at the ICO.
“MPs carry out a high profile role and the information their expenses claims include could put them at risk of fraud and endanger their security.”
The IPSA, which said it reported the breach to the ICO as soon as it happened, has now signed an undertaking, which includes a requirement to ensure system administrator accounts are reviewed regularly.”
IPSA will shortly be offering courses on how to win friends ……