« Biometrics - Labour Government are still clueless about the technology | Main | The NO2ID Pledge - What YOU can do to stop ID cards and the database state »

HMRC data security scandal debate - still no mandatory use of encryption

The latest Labour party financial funding scandal seem to be obsessing the "Westminster Village" and has overshadowed yesterday's Opposition debate on the ongoing scandal at Her Majesty's Revenue and Customs (HMRC).

Chancellor of the Exchequer Alistair Darling admitted that the missing CD discs have still not been found or accounted for. He seems to be obsessed with the review of the data security and privacy procedures at HMRC which Kieran Poynter (see the Terms of Reference for this HMRC only review, and the other one across all Government departments, being conducted by Robert Hannigan, Head of Intelligence, Security and Resilience at the Cabinet Office)

Alistair Darling's response in the Opposition debate in the Commons on the HMRC scandal yesterday, contained a dozen references to this Keiran Poynter led review.

The junior Financial Secretary to the Treasury, Jane Kennedy , who appeared so clueless on Newsnight opposite Professor Ross Anderson, did give some more details about the current changes to procedure at HMRC prior to the results of the review.

28 Nov 2007 : Column 344


The motion asks what policy changes will be introduced to protect the public in future. First, HMRC has immediately communicated to all staff three key steps that must be followed. Transfers must take place only if they are absolutely necessary, written authorisation for the transfer must be given by a senior HMRC manager and a clear instruction must be given regarding the appropriate standard of protection for the transfer. Where directors decide that a data transfer by disc is absolutely unavoidable, such media must in every case be securely encrypted at the appropriate level. Those changes are already in place.


A number of hon. Members raised proper questions on the steps that we are taking on encryption. It may be of interest to the House to hear what has been done. HMRC has established a central team to handle encryption on behalf of the organisation, to ensure that the proper deployment of encryption is used at the appropriate level. All bulk transfers of sensitive data using CDs are being encrypted and password protected where necessary. Those procedures were implemented on 21 November. [Hon. Members: “Ah!”] Hon.

28 Nov 2007 : Column 345

This policy change still says nothing about mandatory encryption of all sensitive data on say, laptop computers or USB memory devices or via email, or extending such encryption policy to third parties like the KPMG sub-contract auditors to the National Audit Office.

George Osborne for the Conservative Official Opposition quoted some further, by comparison minor, but still, to the public totally unacceptable, data security breaches during the massive "apology letter"mailshot to the millions of families affected by this HMRC data security and privacy breach.

28 Nov 2007 : Column 299

We have also discovered that in trying to reassure people, the Treasury appears to have compounded its mistake by sending to some members of the public letters that include the personal details and national insurance numbers of other people. Those are the apology letters. The Financial Secretary shakes her head. She is obviously not aware of what is going on in the country. Let me read a couple of examples that have been brought to my attention. First, a member of the public states:

    “I have just had an apology letter {dated 21 November, 07} from Dave Hartnett {Acting Chairman} of HM Revenue & Customs apologising about the error of losing my personal child benefits data, including my bank account...which I was expecting. However, its ironic...I’ve also received 7 other apology letters that should have been sent to other members of the public in the same predicament! I’ve got all their National Insurance Numbers, their Child Benefit Ref. Number, Name and address. It really is...an absolutely awful mistake when they are trying to reinstill confidence.

    I have of course reported this to the HM Revenue & Customs helpline...I spoke to a gentleman... He made me aware I was not in the minority...this had happened to a number of individuals and asked me to relay the National Insurance No's".

My hon. Friend the Member for Banbury (Tony Baldry) brought to my attention another case involving a constituent of his who has just been sent a letter of apology that includes the names and national insurance numbers of someone other than them. The error is being compounded as we speak by the release of such letters. Perhaps the Chancellor could tell us a little more about that when he replies.

Why, exactly, on a letter of apology, was it necessary to print anyone's National Insurance Number (NINO) and Child Benefit Number ?

The concept of minimising the amount of sensitive data transfered via insecure means (the postal system) still does not seem to have filtered through to HMRC.

The failures at HMRC really do seem to be systemic ones:

Mr. Osborne:


The evidence is compelling. In September 2005, an unencrypted CD-ROM containing the bank details of taxpayers went missing. What did the Treasury say at the time? It said:

    “This is a one-off incident...we are urgently reviewing our procedures to make sure this type of incident does not happen again”.

Of course it did happen again. In May, the details of 42,000 families who are claiming tax credits were sent to the wrong people. The Treasury then said

    “we have robust procedures in place to protect information provided by”

the public. But of course they did not, because earlier this month the national insurance details of a further 15,000 people were lost on a CD-ROM. The Government then said:

    “we have reviewed our arrangements and introduced safeguards to prevent this happening again”.

I am grateful to my hon. Friend the Member for Banbury for bringing to my attention the case of Mr. Leaver, a constituent of his from Bicester. In July, Her Majesty’s Inspector of Taxes sent two letters apparently intended for Buckinghamshire county council to his home address in Bicester. They contained the names and national insurance numbers of all the employees who had recently left that council. Mr. Leaver phoned Her Majesty’s Inspector of Taxes and was told, “We are very grateful for your telling us this. We will correct the error.” He

28 Nov 2007 : Column 302

has subsequently received five more letters. My hon. Friend raised this with HMRC, which confirmed that that was the case, and having looked into the matter, it said:

    “We did indeed hold an incorrect address for Buckinghamshire County Council.”

Mr. Philip Hammond (Runnymede and Weybridge) (Con): In Oxfordshire.

George Osborne also reminded us that the previous review into the cockups and criminal fraud at HMRC regarding tax credits, i.e. the Cosby Review, is still being kept secret.

28 Nov 2007 : Column 303


The Chancellor will no doubt tell us about the fact that the chairman of PricewaterhouseCoopers has been asked to conduct yet another review of HMRC’s security procedures. Will he confirm that we are still awaiting the results of the previous one? Does he remember something called the Crosby review? It was set up last year to explain how HMRC’s tax credits system had been defrauded of £1.7 billion. Parliament was promised the report this summer, and I know that Labour Members were eagerly awaiting its arrival so that they could read it during their summer break. The Chief Secretary to the Treasury disappointed us, saying that it would arrive later in the summer, but we are now approaching December and there is still no sign of it.

The Liberal Democrat acting leader Dr. Vince Cable, made some good points, and called for a review of the weak Data Protection Act 1998, calling for a more effective right of citizens to see and correct Government data on them, and for penalties for HMRC or other negligent data managers, who are currently above the law.

28 Nov 2007 : Column 315


Dr. Cable: Indeed. It is a question not just of the size of databases but of the whole system and the interconnection between them, with the risks multiplying many times over.

My next point relates to what this sorry episode suggests to us about data protection legislation. The subject arouses great annoyance in many quarters, and I believe that the Conservatives have suggested that they will repeal the data protection legislation. There is an appalling contrast between how individuals encounter the workings of the Data Protection Act 1998, which are about form filling and obstruction, and what members of the public see in the conduct of government, which is inefficiency and leakage. That lack of balance and accountability is at the heart of a great deal of disillusionment. In the light of that, I wonder whether we should return to the 1998 Act and introduce some

28 Nov 2007 : Column 316

new principles, one of which is that individuals should have access to the data that the Government hold on them and the right to correct that data.

Another principle that stems directly from the current affair is that where data managers have committed serious errors or been negligent they should be open to some penalty. Apparently no penalty currently exists. It might have been a bit of a joke that the Metropolitan police were fined several hundred thousand pounds for the shooting of de Menezes, but the data managers in HMRC face no penalties whatever under existing legislation. Surely that should be addressed.

It still appears that backbench Labour MPs like Kali Mountford, still persist in their mistaken beliefs about "biometrics":

We cannot leave home without our biometrics; they are with us always. To say that, because of this one mistake-- [ Interruption. ] It is a huge mistake; I do not take issue with that fact. But however big it is, and wherever those discs are, my biometrics are with me now, and no one can take them off me. Wherever I go, they are with me. I could go into a bank and put my fingerprint down, but it would not be on that database because it would be separate from my biographical details.

28 Nov 2007 : Column 319

She still does not understand the basics about biometrics and databases and what is being proposed by her Government regarding the centralised biometric National Identity Register.

"Biometrics" as used in, say, fingerprint scanners, are not magically withdrawn from the scanner machine or the database which it is connected to when you take your hand physically off the device. Such scanners effectively make yet another digital copy of an image of, say, your fingerprints.

She still does not appear to understand that such biometric technology cannot be used securely from your home PC via the internet or over a mobile phone, simply because the equipment under your control cannot be trusted by the system not to have been compromised by a computer virus or physically tampered with by criminals.

Kali Mountford was suspended from the House of Commons for 5 days in 1998, for leaking an advance copy of the then Social Security Committee report on the taxation of Child Benefit to the then Chancellor of the Exchequer Gordon Brown's Parliamentary Private Secretary Denis Toughig. - BBC report

Are there other people out there who agree that: HMRC Is Shite - a blog "dedicated to the taxpayers of Britain, and the employees of the HMRC, who have to endure the monumental shambles that is Her Majesty's Revenue and Customs (HMRC)."


i was at airdrie library yesterday (monklands scotland) and the assistant told me that one of their computers was stolen by a memeber of the public. how they managed to get it out unnoticed is hard to understand. the day before i was in the same library and the computer i logged onto displayed someone elses email account which meant i had access to this persons emails. i immediately reported it to the staff at the library who explained that maybe the previous user didn,t log off properly. surely this shouldn,t be able to happen. i could have read this persons emails. there must be something seriously wrong with the security of the computers at the library. anybody else out there experienced this lapse in security?

I had to laugh at that bit about Oxfordshire and Buckinghamshire.

Post a comment