Government property tax agency fails IT security checks

Database contains photos of properties

The Conservative Party has claimed that the agency behind a government database containing details of more than 800,000 homes in the UK has failed to meet agreed public sector standards for information security.

The Valuation Office Agency (VOA), part of HM Revenue & Customs responsible for council and business tax inspections, has failed all six “minimum target standards” for security and has not met government information assurance criteria, said the Tories.

The claim is based on details in the agency’s annual report and new parliamentary questions on the matter.

The VOA is building a property database, which currently holds 834,000 digital photographs of people’s homes on file, along with detailed attributes for each property, as well as photos of 1.1 million businesses.

The agency’s annual report, published in July, said: “In March 2009 we commissioned external consultants (Deloitte) to undertake a high level assessment of the maturity and effectiveness of VOA information security in line with good practice standards (HMG Information Assurance Maturity Model & Assessment Framework, aligned with ISO 270001). Their assessment shows an overall maturity rating of the VOA across the six process areas below minimum target standards... [We are] commissioning our IT partners to undertake an extensive risk management review of all our information systems.”

The Tories said that VOA has “repeatedly refused to conduct a Privacy Impact Assessment” of the database, and that the agency believes that homes are not “personal data” and therefore not protected by the Data Protection Act.

The party also claimed that ministers have refused to publish a “devastating” report by Deloitte on the security failures.

Tory MP Philip Dunne posed a parliamentary question to the Treasury requesting a copy of the Deloitte report assessing VOA’s information security.

The reply from economic secretary Ian Pearson said the report had been “classified as restricted, and cannot be published”.

“I fear that this Big Brother property database, complete with intrusive photographs, is now a ‘Burglars’ Charter’,” said Caroline Spelman, shadow secretary of state for communities and local government.

“Labour’s insecure property database is an IT accident waiting to happen – and a DIY guide to thieves to identify the easiest and most lucrative home to rob.”