THE POPULAR FRONT FOR THE LIBERATION OF CPSA
FREEDOM! UNITY! SOCIALISM!
REVOLUTION UNTIL VICTORY!
REVIEWING THE VIEW
Ordinary members will be aware of the recent major cock-up when retired and associate members along with the many freebie recipients of The View discovered ballot papers for the Principal Rule change ballot nestling amongst the junk mail inside the plastic wrapper. This necessitated an expensive re-run (Ah, memories of CPSA days) of the ballot by post.
Earlier last year the PCS contract for the print and distribution was re-tendered to provide better value for money, and the contract was awarded to Redactive ("red" and "active" - geddit?) on 13th July 05. It didn't take long for a major cock-up to occur.
No, not the December one. I refer to the October fiasco when members in a number of departments received their copy of The View with the name of their department emblazoned on the wrapper.
This was a serious and fundamental error, putting at risk those who work in sensitive jobs. It would have been a reasonable decision to terminate Redactive's contract, but crucially, the recommendation was to give them another chance on the premise that it would be difficult to find another contractor at short notice....and er....more importantly, the December issue of The View was to contain the PR change ballot. Oops.
Hindsight is truly a wondrous thing! Tom GRINYER is currently pondering how many phrases he can obtain from the words "up", "tits" and "gone" interspersed randomly and frequently with the word "fucking".
It's worth noting that the October fiasco could not have happened if PCS did not distribute the name of your department alongside your name to its contractors, who are then expected to remove the departmental data before use. An unusual concept (Barry would have approved), and something that might interest the Data Commissioner if he wasn't so busy sorting out how the DWP managed to allow the details of most of its London Jobcentreplus employees (13,500) to fall into fraudulent hands. PCS has been a bit quiet about that, too - a bit of advice to members, piggy-backing on and duplicating the advice from management. Thrusting stuff - leave it to the local reps to deal with rather than recall the legal team from their skiing hols to nail the bastards. But I digress.
The entire Redactive débacle was due to be debated at the NEC this week (Thurs), but it's been shelved due to the NEC being truncated by a day because of the DWP strike. Ah, well. Perhaps they'll table it for the next NEC unless that too haplessly manages to coincide with the next strike. Some communication between the NDC and NEC might assist co-ordination in this matter.
Since it's "that time of year", are any branches interested in framing a motion to find out how much these problemettes with The View have cost, and how much of that cost is being borne by the long-suffering PCS member? How many members felt so unsafe that they resigned from the union following the October incident? How much aren't we being told - I don't recall seeing any circulars?
"Better value for money". Is it? Or is the sky now a different colour on planet PCS?
We should be told.
To: Mark Serwotka, Hugh Lanning, Chris Baugh
cc Paul Barnsley, Theresa Busby, Asad Butt, Frank Campbell, Michael Donoghue, Mike Duggan, Rosie Eagleson, Pat Hayward, Dave Newlyn, Dave Watson
Date: 5 October 2005
From: Tom Grinyer, Head of Campaigns and Communications
Subject: PCS View Mailing - Inclusion of Employers' NamesChris Baugh has asked me to prepare a report of the major problem we have had with the labelling of members' addresses with this month's View; contrary to PCS's explicit instructions employer details were included with the personal addresses on just under half of this month's View mailing.
This memo aims to set out:
How the problem occurred:
PCS retendered our print and distribution contract earlier this year, in order to ensure better value for money, while keeping or improving the same quality and standards. Print/publisher Redactive was successful in winning that contract based on cost and ability to do the job. As part of the contract Redactive subcontracted the distribution of View (including the printing of addresses) to a company called Dataforce, based in Northampton.
Michael Donoghue, Pat Hayward, Asad Butt and myself met with the Dataforce team and Jason Grant (Redactive sales director) and Gary Smith (Redactive production manager) on 8 August in Dataforce's distribution plant at Northampton to discuss distributing PCS View. At that meeting we made it absolutely clear that the employer should not be included on the label. We also made it clear that any group journals could not be identified through the polywrap, as this would also identify the members' employer. This was a repeat of an instruction given to Redactive when we awarded them the contract on 13 July, and was confirmed in an e-mail sent by Pat Hayward to Lindsey Bennett (our account manager at Dataforce) on 15 August.
On 23 August Jane Easterman, Deputy Production Manager at Redactive, went to Northampton for two reasons, the first to quality proof Dataforce's first distribution of View and secondly to make sure there were no workplace identifiers. Jane confirmed to Michael that she would ensure that there were no "workplace identifiers" included on the polybag "in any way".
Under these arrangements View was distributed successfully in September. We then informed Redactive that we were happy with the way View had been distributed and that this should be the basis for how it was distributed in future, both Michael and myself made this point to various members of the Redactive team on a number of different occasions.
In terms of the process of the submission of data - Commix holds the employment information with each record. Under the way the system allows you to extract data you cannot exclude the employer's name and this is therefore included in the data extract. (I understand following the recent similar breach of data security following the Well Woman mailing an option has now been included not to have employer information, however the Communications Department were not made aware of this.) For as long as we have used Commix (and as far as I am aware any predecessor systems) we have always submitted data in this way and a problem such as this has never occurred.
Mailing data is then sent to Dataforce, where they then check the data for duplicates, and remove the full forename (field 4) and employer name (field 9). They did remove field 4 on this occasion, however for an unknown reason they crucially did not remove field 9 for the October mailing.
For the second mailing under the new contract (October's mailin), Lindsey, who had been responsible for the mailing the previous month, was on leave. Dataforce assured us in our initial meeting that they had a buddy system in place for a handover to cover any leave. It appears that this handover was incomplete, although this is only speculation at this point in time. In this instance they only appear to have removed field 4, not field 9. As nobody from Redactive was there to spot this error, on the basis the mailing had gone successfully the previous the error was not spotted. (It is also worth noting that Dataforce did not spot such a fundamental error, as the inclusion of such information is also against normal industry standards.)
I do not need to point out the severity of the consequences of this error. We have already begun work identifying the areas most affected, including the Ministry of Defence, Assets Recovery Agency, Customs and Excise, Home Office and Inland Revenue. One small crumb of comfort is this problem did not affect GCHQ.
What we are doing to remedy the problem and ensure that it never happens again;
On Monday afternoon at 2pm Michael Donoghue received a phone call from an MoD member in Northern Ireland stating that their employer had appeared as part of the address label on their copy of PCS View. Michael immediately rang Jane at Redactive and stopped the mailing and asked her to find out if this was a one-off or part of a larger problem. We now know that this error affected 144,000 copies before it was stopped.
As I was at the Conservative Party Conference Michael also alerted me to the problem by phone and we started to put a disaster recovery plan in place. Michael immediately spoke to those areas that were likely to start taking calls from concerned members, such as the MoD. On Tuesday, when we had established the extent of the problem, in discussion with myself Michael placed an article on the intranet home page flagging up the problem, giving advice on what to do and how we were working to remedy the problem. I also contacted our Account Managers at Redactive Aaron Nicholls and Jason Grant to explain the severity of the situation and arrange an emergency meeting with them this morning.
I also alerted Chris Baugh and Mark Serwotka to the problem at the earliest opportunity and have subsequently kept them both briefed on the latest situation. I have also spoken at length with Jeremy Gautrey, negotiations officer for the Assets Recovery Agency, about the particular problems we have there in terms of data security
Meeting with Redactive
Chris Baugh, Dave Newlyn, Michael Donoghue, Mike Daykin, and myself met with Redactive this morning. I opened the meeting by explaining the seriousness of the error, this was backed up by Mike Daykin who outlined the impact on members in the Assets Recovery Agency and Chris Baugh who gave details of the wider ramifications.
In the meeting Redactive said they accepted full responsibility for the error and apologised for it. They said that they realised "it was a terrible mistake" and made assurances that it would not happen again. Redactive outlined the following actions they were taking to remedy the situation;
Following the meeting with Redactive Chris Baugh, Dave Newlyn, Michael Donoghue and myself met to discuss how we take forward Redactive's offers and any other action we need to take. We agreed to;
SFTOs will need to take a decision on the last three points.
I hope the above demonstrates that we are doing all we can to minimise the impact of this error, that we are taking it exceedingly seriously and that measures are already being put in place to ensure that it never happens again. This error is particularly upsetting as we believed that we had made it absolutely clear to Redactive the need not to include this information, and despite this the information was still published.
We have actively considered removing the contract from Redactive immediately, however this would mean in reality that we would have no View or group magazines in November and in all probability in December. Given that both November's View contains crucial information timed to coincide with the political fund ballot and December's View contains the rule change ballot this is not a realistic option. However, we do have a three month review meeting planned for 28 November. The review meeting includes the option of triggering a break clause, which Chris Baugh, Dave Newlyn and myself will attend where we can both weigh up this error and Redactive's attempts to remedy it. As a minimum I suspect we would wish to see Dataforce sacked.
I will keep you informed of any further developments. However, I am due to go on leave this Sunday for two weeks, in my absence Michael Donoghue will be liaising with both Chris Baugh and Dave Newlyn to monitor the above action points. Jason Grant has asked to be the main contact point at Redactive and is happy to attend any relevant meetings to explain the error.
Head of Campaigns and Communications
And another thing: