20 Nov 2007
Child benefit records for 25 million people, including bank details for 7.25 million families, have been lost by HM Revenue & Customs (HMRC).
Chairman Paul Gray has resigned in what the Chancellor of the Exchequer describes as an "extremely serious failure by HMRC in its responsibility to the public".
Further reading
The police are investigating the situation and banks and building societies have been alerted but so far there is no indication of fraudulent activity affecting the relevant accounts.
"Millions of people across the country will be very concerned and I deeply regret and apologise for their anxiety," said chancellor Alistair Darling told the House of Commons this afternoon.
The problem occurred when a junior official at HMRC sent CD copies of the child benefit database using the department's private postal system in response to a legitimate request from the National Audit Office. When the discs never arrived, they were re-sent – this time using registered post – and arrived as expected.
Darling was keen to emphasise that the officials actions were not in line with departmental procedures.
"The way this was handled was inexcusable - HMRC has well laid down and established procedures which were breached," he said.
The government has been in consultation with the Information Commissioner since the problem first came to light but it is highly likely that the Data Protection Act has been broken.
Shadow chancellor George Osborne called the situation a "catastrophic mistake ".
"What is the point of passing laws to protect people's personal information if they are not even enforced in the heart of government?" he said.
The government says procedures at HMRC are now being reviewed – including senior management approval needed to downloading from any databases.
But the breach is the third time this autumn that the department has lost citizen data. In September 15,000 records went missing and a laptop with 4000 people's information on it was stolen from a car.
Pricewaterhousecoopers chairman Kieran Poynter has been asked to investigate HRMC's data handling and is to produce an interim report in the next month and full conclusions in the Spring. In the short term, all staff have been instructed that downloading from departmental databases is only allowed with express permission from senior management.
What strikes me is that HMRC put all of this sensitive data on to CDs because it was "too hard" to just extract the fields that the NAO had asked for. According to an HMRC official the systems they have in place are not "sufficiently flexible" to do this and they did "not want to overburden the business ... and incur cost" - what poppycock!
What systems are HMRC running? Selecting just those fields that were required by the NAO should be no more than a 5 minute job with appropriate software.
Posted by: Steve Tuck, Datanomic 27 Nov 2007
Have your say on this article
Newsletters
Latest stories from Public Sector
You may also like
Public Sector jobs
Technology Patent Wars
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
