“He’s such a cute kid…”

No, really, that’s what the Times of London claimed, in an article today, was the reason given by a Delhi Call Centre’s Head of Personnel for taking on someone who allegedly collected and sold account holder identity details. Addresses, passwords, credit card security codes, the works – and he said he could get 2,000 such details a month!

The Head of Personnel apparently had no qualms in taking him on, even though they hadn’t got any of the required three references. The reason that a company has clear rules on things like references, and rigorous cv scrutiny and checks, is that a significant percentage of people lie on their cvs and and at interviews. Organizations dealing with confidential information have an obligation to apply basic recruitment discipline – the principles of which pre-date the Internet.

Information security depends on people, process and technology – working together. When one component fails, there’s a hole – and the bad guys exploit holes ruthlessly. As this one Head of HR has found out.

“I wasn’t fussed about the reference because I thought he had vision,” she said. No lie!

Will she keep her own job after so egregious a breach of basic personnel procedures?