New Revenue & Customs chief makes data security a priority

Security measures will be in place by 25 June 2011

HMRC is implementing a major data security overhaul

New HM Revenue and Customs (HMRC) chairman Mike Clasper has made data security a top priority on taking over the post vacated when his predecessor resigned after the department lost two discs containing 25 million child benefit records.

The new head of the tax authority set the tone in a foreword the HMRC autumn Performance Report for 2008, giving as the first of four key priorities "data security and implementing the Poynter Review recommendations".

His predecessor Paul Gray quit with a £300,000 payoff over the scandal in November 2007.

Kieran Poynter, former chairman of accountant PricewaterhouseCoopers carried out an investigation into the data loss. He said security could not be guaranteed by technology alone and required strong management as well.

Clasper said HMRC’s Data Security Programme is working to implement all Poynter's recommendations.

"It is therefore essential that all of our colleagues know that data security is both an individual and a collective responsibility," he said.

Clasper said a key step was to clarify what senior leaders must do in their areas of responsibility.

The autumn report said the department is "absolutely committed to delivering all of the recommendations" by 25 June 2011, in compliance with an enforcement notice from the Information Commissioner.

The report claimed "good progress" has already been made by removing the ability to save data to portable media except where there was a compelling business case, with tight restrictions on the bulk transfer of data; the issuance of a pocket rulebook to all staff; mandatory face-to-face security workshops for all employees; clearer accountabilities; and the appointment of data guardians.