We don’t know what happened to the Education Ministry’s hard drive. Neither do they. In that case, our guesses are probably as good as theirs.
It could be that the hard drive was not treated with the respect it deserved. Data management is an important function, but that is not always recognized by senior administration.
That might help explain why the data were not encrypted, which in itself a sign that some person, or several people, did not understand the privacy aspects of the data involved.
It could be that the hard drive was assigned to lower-level staff members who were not properly trained or given the time to do their jobs properly. Maybe that person has retired, so the collective memory of what happened has been lost.
It could be that the person was moved to a different job within government, and the position was not filled — the classic “let’s see if we really miss their work” method of attrition.
The drive could have been shoved into a box and then moved to a different location without proper documentation. That might have happened a second time, and a third. Maybe it is sitting in the back of a shelf far removed from the logical places to look.
Perhaps the drive has been re-used. With nothing on it to indicate its value, its re-use could have been seen as a sign of a responsible employee. (No need to buy a new drive, we have a spare one here!)
With all the talk of accountability in the civil service, there are still major gaps. There are senior people jockeying for better positions and junior people scrambling to keep up with the changing forces above them. In all of that, there is the chance for work, and hard drives, to fall through the cracks.
The fact that this data breach happened in the Education Ministry is not a surprise in one way. This is the ministry that proudly introduced a universal desk-sharing system for employees in its Superior Street building. Rather than having assigned desks, employees faced a free-for-all each day as they sought places to sit. This shared-desk approach, which surely delighted management consultants somewhere, drained morale and employee effectiveness.
Some important data went missing from an office like this? Why would anyone be surprised?
That said, the breach could have happened in any ministry. We have no idea what happened, so the list of possible explanations is long.
But this is the message that needs to get through: Data management today is not the same as it was a generation ago. Back then, it would have been impossible to lose a vast amount of information, because the value of all of the paper files would have been obvious to everyone involved, and noticed at several steps along the way.
These days, the data can fit in a small box. That box can be misplaced or stolen, or the data overwritten in the blink of an eye.
The government needs to find a better way to deal with its data. If it does not, many more serious data breaches will occur.
Data management is not a side job for a junior employee. It is a key function to be handled by people with the proper information-technology, privacy and archival training.
Let’s hope that the Education Ministry has taught, unintentionally though it was, the rest of government (and private business, for that matter) a valuable lesson on data management.