New data procedures at HMRC

Shutting the stable door...

HM Revenue and Customs staff have been ordered not to transfer taxpayer data outside their offices unless it is " absolutely unavoidable".

The emergency security procedures following the lost disks scandal affecting 25 million personal records were detailed by Treasury Financial Secretary Jane Kennedy at the end of a heated Commons debate on the security breach.

According to Kennedy, HMRC "has established a central team to handle encryption on behalf of the organisation and to ensure the proper level of encryption is used at the proper level".

"All bulk transfers of sensitive data using CDs are being encrypted and password protected where necessary.

"HMRC has removed the facility for staff to use CDs and other removable media, and only in exceptional circumstances and on approval at director level are staff given access," she said.

"HMRC is also investigating the electronic transmission of data. It is consulting with the British Bankers Association and currently undertaking further talks to agree standards for and methods of deploying electronic transfers."

Acting Lib Dem leader Vince Cable warned the House that, based on a single identity valued at £60 on the black market, the lost disks contained data valued at £1.5 billion, "which makes the Brinks Mat robbery the equivalent of stealing the church collection".

Cable questioned ministers about why the data was not transmitted electronically, warned that the move to huge government data bases now threatens "massive data loss and security", and called for a change in the law to apply criminal penalties to officials guilty of negligence or while handling sensitive personal data.

Tory shadow chancellor George Osborne derided the government's claim that the breach was the fault of a junior clerk in Newcastle and claimed there is " growing public concern" about the government's "insatiable appetite for more personal data on their citizens".

"Now is the time to scrap the flawed plans for ID cards and a national Identify Register," said Osborne.

But chancellor Alistair Darling accused Osborne of "political knockabout", claiming that ID cards will "strengthen security so that we can be confident that information that is held on us, whether in the public or private sector, is not released to third parties without our consent."