HMRC kept bank data on lost discs to save money, say Tories
- 23 November, 2007 09:24
HM Revenue and Customs failed to "desensitise" the data on 25 million people that it lost in transit to the National Audit Office because removing bank details and other sensitive information would have required an extra payment to data management contractor EDS, the Conservative Party has claimed.
Prime minister Gordon Brown and his chancellor, Alistair Darling, have been under fire over the scale of HMRC's data loss. Records of 25 million child benefit claimants and their children -- including bank details and other confidential information -- were on two computer disks lost in transit to the National Audit Office, the government's financial watchdog.
The government has blamed an unnamed junior official for sending the data out insecurely, in breach of HMRC's procedures.
But the Conservatives claim a briefing paper by Sir John Bourn, the head of the NAO, says senior HMRC officials allowed sensitive data to be given to the NAO. The briefing document was sent to the chancellor and also provided to Edward Leigh, the Conservative MP who chairs the Commons Public Accounts Committee.
In the Commons yesterday, Leigh told MPs that Sir John Bourn, the NAO's comptroller and auditor general, had requested only National Insurance numbers relating to child benefit claims. "It is clear that the [auditor general] specifically asked that all personal details, bank account details and all that sort of information should be removed before this was sent. That is the most important thing," he said.
The Conservatives claim the briefing document confirms that a senior business manager at HMRC emailed the audit body in March to say the data would not be stripped down before being dispatched to the NAO.
Sir John Bourn's briefing adds that the reason given in the email -- which was copied to an HMRC official at assistant director level - was that desensitising the data would require an extra payment to EDS as it fell outside the scope of EDS's data management contract.
Shadow chancellor George Osborne said: "These startling revelations from the NAO call into question the entire defence mounted by the prime minister of this catastrophic failure in his government. This was systemic failure not individual error by a junior official."
He added "Gordon Brown needs to tell us the whole truth of why the security of all families in the country has been put at risk."
An NAO spokesperson confirmed that the audit body only requested NI numbers, child benefit numbers and children's names in order to select a risk-based sample of cases to audit as part of anti-fraud work.
"We did not want bank account details, parents' details or addresses," he said.
The spokesperson would not confirm the contents of the briefing.
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
Yelp speeds database access with flash storage
Thanks a million, Drupal
OS upgrades: Cheap is better than pricey, free is better than cheap
Amazon vs. Google vs. Windows Azure: Cloud computing speed showdown
The rise of security-as-a-service in Australia