Track and trace fail

[Borg Refinery]

https://www.southwalesguardian.co.uk/news/national/18936620.financial-watchdogs-criticise-governments-handling-test-trace/

The track and trace system has been one of the hugest disasters under this incompetent government, actually calling them incompetent devalues the currency of the word incompetent... there aren't words for the things they've done.

Take this for example -

"The NAO found that at times "parts of the national tracing service have barely been used".

Some call handlers were busy for only 1% of their paid hours in the early days of Test and Trace, the study said.

...

With the budget for the NHS Test and Trace Service (NHST&T) for 2020-21 soaring to £22 billion, the financial watchdogs said the situation needed to improve."

Are there words?

That thatcheritescot twit on youtube or some other similar twot probably has done a whole piece on this, or is currently going round the loop..

[Nick]

The T&T system is a shambles.

T and T doesn't work because people don't want it to. I've made sure the app on my phone is disabled, I don't want government departments tracking my moves. When I get back from Italy I'll tick the exempt box and carry on my normal business as I have the relevant paperwork.

[Nalaar]

It's not that simple. For example, if the hole in the wall sandwich maker keeps details of another sole-trader supplier on their phone, has CCTV covering the premises, or has a dash-cam on the vehicle collecting or delivering goods, they'll need to register.
It's best to check, because ignorance is not a defence, and violation can cost thousands...

Yes. All of these are independent from a pen and paper track and trace system.
A 'hole in the wall' that did not already meet the criteria for having to pay a fee to the ICO will not become required to pay the fee by implementing pen and paper track and trace.

[patman post]

I do not believe this is the case, as the "hole in the wall" is only storing data on pen and paper, rather than processing data etc, they do not need to register with the ICO.

It's not that simple. For example, if the hole in the wall sandwich maker keeps details of another sole-trader supplier on their phone, has CCTV covering the premises, or has a dash-cam on the vehicle collecting or delivering goods, they'll need to register.
It's best to check, because ignorance is not a defence, and violation can cost thousands...

[Nalaar]

The pub needs a data controller, who has to register, pay a yearly fee.

On the other hand how many small cafes, bars, coffee shops etc didn't do that?  Didn't know they had to register with the ICO?  If you run a small "hole in the wall" cafe why would you need to?

I do not believe this is the case, as the "hole in the wall" is only storing data on pen and paper, rather than processing data etc, they do not need to register with the ICO.

[BeElBeeBub]

Clearly someone isn't paying attention.


I pointed out that staff were collecting the sort of data you consider 'a massive ballsache to collect' twenty years ago because YOU seemed to be trying to pretend retailers had no idea how to do it.

*Collecting* data is easy. That isn't the problem at all. As you point out companies have been collecting data of all sorts for ever and using it for all sorts

The problem is *handling* the data. Keeping track of what you have consent to do with what data.

You also seem to want to pretend that teaching your staff to understand GDPR compliance is a massive ballsache too


It is nothing of the sort. Speaking as a former banking Database admin 2004-2006 and 2006-2008, CAA IT consultant 2008-2012 and multiple other posts of a like kind under the UK DPA, a Database Admin for a TFL Data Aggregator 2014-2017, a database admin and front end developer for an automotive industry 2017-mid 2020 and now a database developer at a challenger bank....


I could train an entire workforce to a standard where the UK information Commissioner would be satisfied with their understanding of the law and what they must do to comply with it in 15 minutes flat.


Because I have


Several times


It is a doddle.


If you cannot do this, and regard this simple task as a massive ballsache, then I think this speaks to your competence as a communicator and educator far more than any other factor.

GDPR came in in 2018.  Tightened stuff up a bunch

But you're right TFL or 'spoons or some other would have been able to do so fairly easily because they are already used to the data handling regime.

It's all the small places that had the burden out on them and quite clearly some failed.

It's one thing to tell you bar man not to copy down the numbers of pretty women and send pics of his junk to them, it's another thing to make sure they don't.  As the owner/data controller you could be on the hook for what your over sexed barman does.

Making sure you don't mix up the contact details for tracking with the details of people who you can send marketing emails to.

That sort of thing

Clearly it didn't happen in all cases. Mistakes were made, data was improperly handled

In all honesty, it would matter if it was incredibly easy.

The point is that bars/pubs etc shouldn't have ever had to worry about this in the first place.

It was just the government dumping the mess of it's own incompetence into the laps of small business.

[BeElBeeBub]

The training required takes 20 seconds.

Yeah it should.

"Take these details, don't use them for anything else, don't use them to chat up pretty women, keep them safe, destroy them after 2 weeks"

Done

The pub needs a data controller, who has to register, pay a yearly fee.

Prob need a written policy about CV tracking info ( an A4 sheet formally saying the above).

That's it

On the other hand how many small cafes, bars, coffee shops etc didn't do that?  Didn't know they had to register with the ICO?  If you run a small "hole in the wall" cafe why would you need to?

[johnofgwent]

20 years ago.  Yeah there were all sorts of shitty practices...it was basically the wild west.  People's data was collected for one thing then used for another and sold on for yet more use.

You may be aware but GDPR came into force a few years ago which makes the handling of info and consent for the use of that info much much more regulated. Businesses have to register, have a policy and ensure they are only using data for it's intended purpose.

I've had to do it and it's a massive ballache but there we go.

Clearly someone isn't paying attention.


I pointed out that staff were collecting the sort of data you consider 'a massive ballsache to collect' twenty years ago because YOU seemed to be trying to pretend retailers had no idea how to do it.


You also seem to want to pretend that teaching your staff to understand GDPR compliance is a massive ballsache too


It is nothing of the sort. Speaking as a former banking Database admin 2004-2006 and 2006-2008, CAA IT consultant 2008-2012 and multiple other posts of a like kind under the UK DPA, a Database Admin for a TFL Data Aggregator 2014-2017, a database admin and front end developer for an automotive industry 2017-mid 2020 and now a database developer at a challenger bank....


I could train an entire workforce to a standard where the UK information Commissioner would be satisfied with their understanding of the law and what they must do to comply with it in 15 minutes flat.


Because I have


Several times


It is a doddle.


If you cannot do this, and regard this simple task as a massive ballsache, then I think this speaks to your competence as a communicator and educator far more than any other factor.

[Nalaar]

The issue is exactly that. Training wasn't given.  It was just dumped on establishments who had no previous need for data security.

We were basically mandating women give their name and phone number to bar staff.

It doesn't take a genius to work out that some staff are probably going to abuse that.  There are documented cases of women recieving texts, messages etc from staff at bars they visited.

The training required takes 20 seconds.

[BeElBeeBub]

But on the second point you make there, bullshit. Twenty years ago when I bought my daughter - 30 today - her first proper bike, Halfords pumped me for all sorts of info about me. And I know that almost every retailer for miles around already collects such data. So the idea they have no idea what they should do to protect it is utterly risible
That they don't is another issue altogether, for which they'll be put out of business in fairly short order...

20 years ago.  Yeah there were all sorts of shitty practices...it was basically the wild west.  People's data was collected for one thing then used for another and sold on for yet more use.

You may be aware but GDPR came into force a few years ago which makes the handling of info and consent for the use of that info much much more regulated. Businesses have to register, have a policy and ensure they are only using data for it's intended purpose.

I've had to do it and it's a massive ballache but there we go.

I don't think it's any more complicated than an organised and lockable filling cabinet.

The training required for staff to comply with data protection law is minimal.

The track and trace has been a disaster here, I was reading a story not long ago about how effective the system is being used in Taiwan, but it requires a great deal of public support and that's just not going to happen here.

The issue is exactly that. Training wasn't given.  It was just dumped on establishments who had no previous need for data security.

We were basically mandating women give their name and phone number to bar staff.

It doesn't take a genius to work out that some staff are probably going to abuse that.  There are documented cases of women recieving texts, messages etc from staff at bars they visited.

The the T&T system, especially the QR system had been properly up and running reliably then the entire problem would have been avoided as the establishment would just need to stick up posters.

Bottom line

The government once again displays how rubbish it is at (in it's own words) "cyber".

Good job they aren't in charge of a massive change in the IT systems required for us to move goods on and off the island of Great Britain!

[BeElBeeBub]

On these two however, I might have to take issue
I know a bit about QR codes, having spent the last two years writing barcode driven software. I'll nip out to the Harvester with my industrial scanner and see what it makes of the screen, and then do a couple of others to see how much info they are actually encoding

QR codes are a bit outside my area but here's a good summary of several issues with them

https://www.revk.uk/2020/09/how-not-to-qr-nhs-c19-app.html?m=1

[Nalaar]

As for "why not use a pencil and paper". The big issue is data security.  Suddenly you have establishments that have never had to handle personal data, employees who have never had to handle personal data having to handle huge amounts of it.

I don't think it's any more complicated than an organised and lockable filling cabinet.

The training required for staff to comply with data protection law is minimal.

The track and trace has been a disaster here, I was reading a story not long ago about how effective the system is being used in Taiwan, but it requires a great deal of public support and that's just not going to happen here.

[johnofgwent]

The reason the QR code probably didn't scan is because they constructed it badly.

It has far to much information, mostly redundant, in it. As a result the "resolution" has to be higher (ie the little squares smaller).  This makes the likelihood of a miss-scan much higher as a bit of dirt on the lens or on the paper will disrupt things.


As for "why not use a pencil and paper". The big issue is data security.  Suddenly you have establishments that have never had to handle personal data, employees who have never had to handle personal data having to handle huge amounts of it

On these two however, I might have to take issue
I know a bit about QR codes, having spent the last two years writing barcode driven software. I'll nip out to the Harvester with my industrial scanner and see what it makes of the screen, and then do a couple of others to see how much info they are actually encoding
But on the second point you make there, bullshit. Twenty years ago when I bought my daughter - 30 today - her first proper bike, Halfords pumped me for all sorts of info about me. And I know that almost every retailer for miles around already collects such data. So the idea they have no idea what they should do to protect it is utterly risible
That they don't is another issue altogether, for which they'll be put out of business in fairly short order...

[johnofgwent]

The T&T system is a shambles.

The reason the QR code probably didn't scan is because they constructed it badly.

It has far to much information, mostly redundant, in it. As a result the "resolution" has to be higher (ie the little squares smaller).  This makes the likelihood of a miss-scan much higher as a bit of dirt on the lens or on the paper will disrupt things.

They could have designed the QR code to be much more robust but this government doesn't really know about tech.

(The same government who are putting in place the massive IT systems for our border)

As for "why not use a pencil and paper". The big issue is data security.  Suddenly you have establishments that have never had to handle personal data, employees who have never had to handle personal data having to handle huge amounts of it

There have already been multiple instances of people getting marketing texts from places they gave their details to.

Worse there have been lots of instances of women who have been contacted by waiters/bar staff from places they visited.

The opportunities for stalking and related behaviour are pretty huge.

All of this administrative burden could have been avoided if the government did a decent job and maybe hired experts rather than someone they went to University with or a family member.

Well you won't get any argument from me on that last point, but government ensured IT procurement was done the way they do it in Nigeria the day Tony Blair had meetings with Ross Perot's old software house and the Hindoojah brothers in the same week in 97, and it's been the same ever since.

[BeElBeeBub]

The T&T system is a shambles.

The reason the QR code probably didn't scan is because they constructed it badly.

It has far to much information, mostly redundant, in it. As a result the "resolution" has to be higher (ie the little squares smaller).  This makes the likelihood of a miss-scan much higher as a bit of dirt on the lens or on the paper will disrupt things.

They could have designed the QR code to be much more robust but this government doesn't really know about tech.

(The same government who are putting in place the massive IT systems for our border)

As for "why not use a pencil and paper". The big issue is data security.  Suddenly you have establishments that have never had to handle personal data, employees who have never had to handle personal data having to handle huge amounts of it

There have already been multiple instances of people getting marketing texts from places they gave their details to.

Worse there have been lots of instances of women who have been contacted by waiters/bar staff from places they visited.

The opportunities for stalking and related behaviour are pretty huge.

All of this administrative burden could have been avoided if the government did a decent job and maybe hired experts rather than someone they went to University with or a family member.