Child benefit data loss a communication muddle, claims Poynter

The tax office could have avoided the loss of 25m child benefit records on
CDs by establishing a single point of contact over sensitive data transfer,
claims the
Poynter
Review.

Kieran Poynter, chairman of PwC, catalogues a series of factors which led to
the loss of data in October 2007.

These included HMRC staff being more concerned about other issues rather than
information security, lack of appropriate authorisation for release of data and
insecure methods of data storage.

It was noted that if the CDs had been delivered by hand rather via the TNT
post service then the loss could have been prevented.

One of the key failures which Poynter highlights was the move to give the
National Audit Office the data in full when they had only requested a ‘large
sample’.

His comments were backed up by an Independent Police Complaints Commission
inquiry which said the junior employee responsible for the loss of the CDs could
not be ‘blamed’.

The government said 26 out the 45 recommendations by Poynter had already been
implemented.

‘Although no organisation, public or private, can ever guarantee that it will
never make a mistake, I believe the measures we are announcing today will ensure
that the public can be assured we are taking the necessary measures to keep
people’s data secure,’ said cabinet secretary, Gus O’Donnell.

Action already taken to improve security includes stricter guidelines on the
handling of sensitive personal data, 90,000 employees at HMRC being given
additional security training and the encryption of 20,000 laptops at the MoD.

However, it was announced in the Commons today that Information Commissioner
Richard Thomas is to serve formal enforcement notices on HMRC and MoD over
‘deplorable’ lapses in data security.