20 Nov 2007
Child benefit records for 25 million people, including bank details for 7.25 million families, have been lost by HM Revenue & Customs (HMRC).
Chairman Paul Gray has resigned in what the Chancellor of the Exchequer describes as an "extremely serious failure by HMRC in its responsibility to the public".
Further reading
The police are investigating the situation and banks and building societies have been alerted but so far there is no indication of fraudulent activity affecting the relevant accounts.
"Millions of people across the country will be very concerned and I deeply regret and apologise for their anxiety," said chancellor Alistair Darling told the House of Commons this afternoon.
The problem occurred when a junior official at HMRC sent CD copies of the child benefit database using the department's private postal system in response to a legitimate request from the National Audit Office. When the discs never arrived, they were re-sent – this time using registered post – and arrived as expected.
Darling was keen to emphasise that the officials actions were not in line with departmental procedures.
"The way this was handled was inexcusable - HMRC has well laid down and established procedures which were breached," he said.
The government has been in consultation with the Information Commissioner since the problem first came to light but it is highly likely that the Data Protection Act has been broken.
Shadow chancellor George Osborne called the situation a "catastrophic mistake ".
"What is the point of passing laws to protect people's personal information if they are not even enforced in the heart of government?" he said.
The government says procedures at HMRC are now being reviewed – including senior management approval needed to downloading from any databases.
But the breach is the third time this autumn that the department has lost citizen data. In September 15,000 records went missing and a laptop with 4000 people's information on it was stolen from a car.
Pricewaterhousecoopers chairman Kieran Poynter has been asked to investigate HRMC's data handling and is to produce an interim report in the next month and full conclusions in the Spring. In the short term, all staff have been instructed that downloading from departmental databases is only allowed with express permission from senior management.
What strikes me is that HMRC put all of this sensitive data on to CDs because it was "too hard" to just extract the fields that the NAO had asked for. According to an HMRC official the systems they have in place are not "sufficiently flexible" to do this and they did "not want to overburden the business ... and incur cost" - what poppycock!
What systems are HMRC running? Selecting just those fields that were required by the NAO should be no more than a 5 minute job with appropriate software.
Posted by: Steve Tuck, Datanomic 27 Nov 2007
Have your say on this article
Newsletters
Latest stories from Public Sector
Latest videos
You may also like
Public Sector jobs
Will Google’s new privacy policy impact how you use its services?
Rubbish in... rubbish enterprise. Why proper data management is so important (video, 6 min)
This Forrester report compares the costs and benefits of legacy email and productivity software with Google Apps
Upcoming Events
The implementation of robust, relevant digital strategies is more crucial than ever to the success of insurance businesses
Date: 01 Mar 2012
Time: 09:00am
A showcase of the latest in the information content and management
Date: 20 Mar 2012
Time: 09:00am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
