Home

The Enterprise Privacy Group is a centre of expertise in privacy, data protection and identity-related issues. We work with central and local government, leading private companies and research organisations to resolve privacy and identity issues, and to develop innovative and efficient privacy management solutions.

HMRC Data Loss
[Toby Stevens] HMRC has lost a mountain of personal information - possibly the biggest known loss of personal data in UK history. How did this happen? And what will be the implications of the government's liability statement?

It's only a few months since HMRC last admitted to losing a CD full of personal information. They said they'd change their ways. So what's gone wrong here?

The real issue here is not the fact that they sent an unencrypted CD of personal data via their internal mail service. To the best of my knowledge, this doesn't actually represent a breach of HMG's rules, although I must stress that this is speculation. What really concerns me is the fact that a 'junior official ' had access to all that information in the first place without anyone to check that the information was handled correctly. Excuse me - if a junior member of staff, or any member of staff for that matter, has access to 25m names and bank details, why are they not being supervised?

This may or may not be a breach of HMG security rules, but it certainly is an outrageous disregard for the privacy and safety of the citizens whose data is being handled. But at least, for once, the buck has stopped almost at the top with the resignation of the Chairman.

From a personal perspective, I am relatively unconcerned about the security implications for my own bank accounts. The criminal trade in personal data is thriving, and hence I subscribe to services such as Garlik to keep an eye on things. Suggestions that the government should pay for everyone to have access to such credit record services seem very sensible. But it won't stop identity fraud, and only yesterday a colleague had £20,000 taken from his American Express card.

There is a significant repercussion of the data loss. On Newsnight , a Treasury Minister stated that "nobody would lose out as a result of this". Initially she said that this referred only to individuals, but when pressed she stated that it would also cover companies. Now, if the government sticks to this policy, it has profound implications for the National Identificiation Scheme : to date, the policy has been that the government will accept no liability for fraudulent activity arising from inaccuracies in the National Identification Register or misuse of cards. Does this represent a u-turn? An acceptance of liability would be a radical policy shift in the right direction for the ID cards scheme, and it will be fascinating to see how this plays out.

(These views are the author's own and do not necessarily represent the views of the Enterprise Privacy Group's Member organisations)

 


Views: 2924

No Comments

Only registered users can write comments.
Please login or register.

Powered by AkoComment Tweaked Special Edition v.1.4.6