HMRC clamps down on data transfers
Tax staff prevented from transferring taxpayer data except when 'absolutely unavoidable' in security crackdown
The taxman has moved to prevent taxpayer data being lost to fraudsters by
clamping down on the transfer of information by the department.
HMRC staff can no longer transfer taxpayer data outside their offices unless
‘absolutely unavoidable’ and only then if authorised at director level, securely
encrypted and password protected.
A security crackdown in the wake of the missing discs scandal has also
resulted in the removal of staff access to CDs and other removable data except
following approval at director level.
The emergency steps, which were due to take effect on November 21, were
revealed by Treasury Financial Secretary Jane Kennedy at the end of a heated
Commons debate on the security breach.
She said HMRC ‘has established a central team to handle encryption on behalf
of the organisation to ensure the proper level of encryption is used at the
proper level’.
Kennedy added: ‘HMRC is also investigating the electronic transmission of
data. It is consulting with the British Bankers Association and currently
undertaking further talks to agree standards for and methods of deploying
electronic transfers.’
Her disclosures came at the end of a debate in which the issue of technical
security was forcefully raised by Lib Dem shadow chancellor Vince Cable
estimated that with one identity worth £60 on the black market, the lost discs
contained data were valued at £1.5bn, ‘which makes the Brinks Mat robbery the
equivalent of stealing the church collection’.
Tory shadow chancellor George Osborne derided the government claim the breach
was the fault of a junior clerk in Newcastle, claimed there is now ‘growing
public concern’ about the government’s ‘insatiable appetite for more personal
data on their citizens’ and demanded the scrapping of ‘flawed’ plans for ID
cards.
Chancellor Alistair Darling accused him of ‘political knockabout’.