Tuesday, November 20, 2007

Missing HMRC Data

It appears that the Inland Revenue have misplaced two CDs containing the name, address, family details, bank details and NI number of 25 million people, about half the UK.

Not the greatest hour for the Treasury.

Around the same time this data went missing, 15,000 more details went missing in the same way from another department.

The data lost was unencrypted, produced as part of the standard process used in transferring data to other departments and external companies (e.g. pension providers).

I'm reliably informed that the same practices have been going on since the late 1980s without anyone flagging up the problem.

It seems astounding that only now problems have arisen as a result. Personally I expect it has happened before but it was kept quiet (probably not the department hiding it from the public but rather a low-level worker hiding it from his boss!).

I can't honestly believe that a large computer firm designed a system that allowed all the database to be dumped onto a CD in an unencrypted format. If a backup is needed then surely a basic level of security could be implemented. The system cost £2.8bn! Someone should have spotted this as a potential problem.

Nick Assinder, the BBC political correspondent, has written a good column covering the potential political damage from the whole affair which pretty much sums up my thinking on the matter - so long as the CDs stay lost it will just be a big cock-up. If there is criminal involvement (which I doubt), then heads will roll.

George Osborne, the Shadow Chancellor, made a reasonable effort to criticise the government for the mistake but he seems to be missing the point:
Why does HMRC still use CDs for data transmission in this day and age?
If the data were encrypted then the transfer medium wouldn't make any difference. You could use floppy discs without a problem. Using electronic transmission without encryption would be no more effective.
