HMRC punishes staff over data privacy issues

HM Revenues and Customs has disciplined some 300 staff in the last three years

HM Revenue and Customs, the body that so shamed the government earlier this year when it lost two CDs containing sensitive personal data, has reprimanded 600 members of its staff for similar issues over the last three years, according to comments made in the House of Commons.

Over the same period of time the body has had some eleven meetings with the Information Commissioners Office as the result of data security 'incidents', according to MP Jane Kennedy, who is secretary to the Treasury.

In 2005 the HMRC took action against 238 members of staff, in 2006 the number dropped to 180, and last year, Kennedy admitted, 192 staff, out of a total of some 90,000 were, "disciplined or dismissed for inappropriate access to personal or sensitive data."

Kennedy added that the HMRC has introduced new, much more stringent controls over the transfer of bulk data over the same period.

Vendors were quick to point out that there were readily available technical solutions to these and other, similar problems, many of which negate the risk altogether. "You cannot force employees to stop accessing sensitive data - people are only human and mistakes are going to be made. What organisations need is technology that makes the most of centrally managed IT policies and user-based remediation, so only employees with certain levels of authority can manipulate certain data," said Brian Spector, general manager of document management control software provider Workshare's content protection group.