The Poynter Review on the loss of (and, to date, still unrecovered) CDs containing millions of child benefit records highlighted two major institutional deficiencies at
HM Revenue & Customs.

First, information security simply was not the management priority that it should have been; and second, HMRC’s organisational design was unnecessarily complex and, crucially, lacked a clear focus on management accountability.

Meanwhile, on the other side of Whitehall, the Ministry of Defence was also feeling the repercussions of its data faux pas. It has to implement the 51 recommendations of the Burton Review after a spate of laptop thefts from MoD cars.

While the MoD and the HMRC were dealing with their little local difficulties, the Cabinet Office was trying to take a longer-term view and deliver a government-wide approach to data issues. The reports into the MoD and HMRC data losses present a depressing catalogue of failures, but the Cabinet Report is intent on offering a brighter future.

It is hard to disagree with the analysis of the Information Commissioner, who said the Cabinet Office’s proposals should help chief executives in every organisation achieve better compliance with the Data Protection Act and keep people’s personal details more secure.

At the heart of the Cabinet Report is a series of measures to protect personal data and other information across government, a culture that properly values, protects
and uses information, and a greater emphasis on accountability and performance scrutiny.

It is these last two points that are now of the greatest significance. Information policies across government are in crisis. The intentions outlined in the Cabinet Report may be honourable, but it is the delivery that matters. Actions must speak louder than words.