A 'major operational problem'?
Intriguing news. Alistair Darling is to make a second and unexpected statement to the Commons this afternoon. It is not about Northern Rock but is, I'm told, about a "major operational problem" at Her Majesty's Revenue and Customs. One rumour (and it is, I stress, no more than a rumour) has it that it is about "data loss".
Do get in touch if you know more - your message will, of course, be treated as strictly confidential.
UPDATE, 12:30 PM: It is indeed, as I mentioned above, data loss on a huge scale. I understand that the data of over a million people has been lost by HMRC. It relates, I'm told, to benefit claimants, and not the income tax system or tax credits. Although there is no evidence that anyone has yet lost money, the potential is clearly there for the false use of people's identities.
I'm 
Comments
HM-arsey, as its numerous victims will know, has become a by-word for incompetence.
The fundamental issue is that the tax-gathering system, due to Gordon Brown, has become horrendously complex.
So complex that it even defeats those who have to administer it.
The final straw was layering Browns Tax Credits system on top of a PAYE system that was itself not particularly accurate.
It would seem that nobody had the courage to tell Brown that this simply could not work efficiently.
Why would anybody be surprised if it transpires that HMRC have 'lost' miilions of people personal data.
It would simply be par for the course.
This month, the Ö÷²¥´óÐã Secretary has come to the Commmons and made a statement about illegal workers in security. The chancellor looks set to make an announcement about data loss in revenue and customs.
This same government wishes to spend over £5bn on ID cards in order to store and manage peoples identities and private information, this ID card will link national insurance, passport medical and tax information, in one large database.
I do not trust any government to be able to manage this confidential and private information.
Poor Darling.
Lost the data ? Lost the plot ? Found the poison chalice ?
Why should anyone be suprised? Whats next, using tax payers money to guarantee broken banks? Illegal immigrants working in the security industry? Misunderstanding and under estimating the number of legal immigrants coming to work here? Ah but these are all operational matters, not the responsibility of Government.....
So Nick, in your opinion - Darling's fault? Brown's fault? Or are they both just unfortunate that it happened on their watch?
It's a pretty obvious point, but surely this is one of the main reasons why ID cards are a rotten idea. However many safeguards you put in place - and you would hope that the Inland Revenue took data security seriously - things can always go wrong. What would happen if the ID card database were lost, stolen or corrupted?
Words fail me...
I don't think it's unfair to say that some of the people who work for the government are, indeed, doughnuts.
Well as a person who claims Child Benefit - what am I supposed to do just hope now one gets my bank details and if they do and I loose money, is this government going to pay me back? I doubt it.
This is government that wants to issue ID cards and store vast amounts of our personal data and they cannot even move data from one site to another with out loosing it.
I may as just put all my personal date up on a web page now for all to see and read.
Alexander (#5) is perhaps being a little too smart with his comment on Darling and Brown just being unfortunate that this data loss happened on their watch. There is a theme going on here that smacks of both incompetence and - quite possibly - cover-up in the governance of the UK. It makes one wonder what else is going on.
At least in this case the guy at the top is taking responsibility for a major operational disaster, seemingly an ever rarer event in the UK.
Ooo, I like doughnuts!
What is the likelyhood that the data wasn't encrypted?
what gets me is that it looks as if the goverment have known about this for 9 days or more, what were they doing in them 9 days and why wasn't the public told, darling is now in serious hot water indeed if he wasn't already
As mentioned above, a lot of the pressures that HMRC are now working under (merger between Revenue & Customs; Tax Credits; 10,000 pages of tax rules) are a direct result of GOVERNMENT POLICY. Despite this, I notice the head of the HMRC has done the decent thing & resigned.
Given the track record of this awful, awful, government, I'm sure none of the ministers will follow, as they are totally unable to spot the real-world implications of their decisions
Nick,
Recently we've witnessed the loss of a laptop with details of hundreds of high value ISA account holders; data on 15,000 Standard Life customers going 'missing'; and now this...all from HMRC.
This suggests this is not just an "operational problem". The Chancellor has now presided over 3 fiascos involving HMRC and it is for him to resign since he has failed to stem the failures. His watch, his job. He must walk.
And he would do so if there were a shred of honour left in politics.
Regrettably, Iain #10, the 'guy at the top' (our esteemed Chancellor who is supposedly in charge of HMRC) has not fallen on his sword; as usual, someone else takes the blame.
The Treasury (like the Ö÷²¥´óÐã Office) is clearly a complete shambles. God help us if the Government ever gets its hands on our personal data that it wants to put on an ID card database.
Next time you visit your doctor, just tell him or her to place the notation `93C3' on your records to indicate you have refused consent for the upload of your data. The DoH will show the same lack of respect for your privacy as any other branch of government, so you should assume that the NHS computer systems are just as leaky as the taxman's.
Why, if they have known about it for 9 or 10 days, should we have a surpirse announcement today? It shouldn't be a surprise to Darling & Brown!
Who would trust this lot with ID cards if they cannot keep simple data like this safe.
I would say murdering an innocent person is much worse than losing a data disk.
So why did Paul Gray resign?
He should have toughed it out like Ian Blair and not worried about what his actions are doing to the reputation of the organisation that he leads.
This is a regret but like the de Menzies affair I hope the political and media interference doesn't detract from containing the problem. Something went wrong, there's a mess to be cleared up, and things may need to be tightened up. Apart from that life goes on.
Over a million, try over 15 million! Not surprised though, seems to be cocking up is a common occurance in Government! At least somebody has had the good grace to resign over this calamity (take note Ian Blair).
This must be the death-knell for ID cards, surely? This is a government addicted to spending tens of billions of taxpayer pounds on IT systems which often never go live and if they do never deliver what they were supposed to. Whatever the cause of this latest data loss it shows that mistakes can happen and humans are fallible - neither of which can ever be allowed to happen when the possibility of identity theft is as great as it will be given the amount of data that will need to be held and centralised for ID cards to work.
"life goes on" says Charles Hardwidge (No. 22)
Easy to say that until the details (bank details, NI numbers, address, childrens names etc.) of these 15 million poor people end up in the hands of the fraudsters and identity theives.
what gets me is that it looks as if the goverment have known about this for 9 days or more, what were they doing in them 9 days and why wasn't the public told, darling is now in serious hot water indeed if he wasn't already
Would you like to reconsider that turn of phrase, Charles E Hardwidge?
i'd like to add that if this is another case of the goverment trying to bury bad news for them 9 days darling's job could be under threat if the opposistion take the bull by the horns so to speak. so could edd balls be packing his bags to go to number 11? umm maybe we will see
It's hard to believe how it's actually possible to lose data on that sort of scale by accident. Surely they must be trying really hard to screw up.
More chaos and incompetence? What are the odds that Macavity will have something else on this afternoon?
am I right in thinking that today there are indications that the Chancellor will overshoot his borrowing target?
What's that about losing one parent.......?
In response to Alan at #17 while I am no fan of the Chancellor or the PM we should differentiate between what is policy and what is operational. This (based on what is available to date) seems to be an entirely operational issue for which individuals at HMRC must are responsible. It is foolish to expect that a government minister can be personally responsible for the actions of every civil servant or employee of an agency for which his department is responsible.
If you were however, to call for the PM to resign for the fiasco that is now our benefits and tax system or the Chancellor to be found to have been involved in covering the loss of data up or incompetence in the handling of Northern Rock I would be right behind you.
The addresses, personal and banking details of 15 million people lost in one fell swoop?
That is simply beyond scandalous.
Darling must follow Gray and resign IMMEDIATELY.
I was undecided regarding ID cards - this has more than made up my mind for me.
There is absolutely no way that I'm going to register for one - I wouldn't trust this Government with my shopping list, let alone my personal details.
Why is it a surprise announcement? Because they hoped to keep it quiet for a lot longer.
Iain (post 32) has it spot on. A lone measured voice in a sea of howling outrage. The trouble is, people don't want reason. They want blood.
Darling is new to the job, you can hardly blame him in his current role.
However ... if there was a current minister who, in a previous post, dabbled with the system and organisational structure and that led to this scenario, then he/she should resign.
Charles E Hardwidge (#22) usually has me laughing in disbelief, but this time....
"Life goes on"? not for "de Menzies"
Sorry Iain (#32), I don't buy your argument about distinguishing between operational matters and policy. I agree with the general thrust of your argument, but not that it applies to this case.
Losing this number of records is not just an unfortunate blunder. It points to systems failures on an unimaginable scale. For ministers not be be aware of such outrageously flawed procedures should be (but of course won't be) a resigning matter.
Does anyone know if Alister Darling has a Knife & Fork licence, or does he still need adult supervision?
I agree with Steve and Ian that this incident in itself appears to say more about the competence of HMRC than Government policy.
What is not known is why the data was being transferred between departments in the first place. If this is because of Gordon Brown's insistance as Chancellor on complicating the tax system then he and his successor do have questions to answer.
OK the TRUTH of the matter is we use Phones to do business not face to face.
So if you know a name a birthday and an address a mother maiden name (Ha you can get that off birth certificates) You can faulsy gain access to ANY of this data, pin codes wont work How can a 97 year old remember that.
So the PUBLIC how do you access YOUR government offices?
The glorous NI number is used for everything from Benifits and tax(Its original purpose) but also Passports, Bank accounts, HE Loans, Child Support and the list is growing.
The way you secure this system is through by making sure your address and details are kept up to date, making sure you know your identification.
Iain (POST32) has a point but is only partially correct. He is correct in saying that Ministers cannot be held personally responsible for the actions of every civil servant or agency employee. However, he overlooks the fact that this Government and Gordon Brown in perticular, created the environment that contributes to this mess. Gordon Brown created the Tax Credits scheme; Gordon Brown contributed hugely to the increased complexity of the tax regime, and presided over the amalgamation of two departments. It should therefore be Gordon Brown who is held accountable and who should resign. Alister Darling is just the unfortunate present encumbent with the poisonous chalice.
So a posted package (CD) went missing in the post during October. I seem to remember a small postal dispute then. Are they related?
Gosh - another Labour government department 'not fit for purpose'. What a surprise!
And this is why we don't let governments run databases.
I cannot wait to see what is next....
Just remember "we are safer now than we have ever been".
We just don't know -
who is here
who knows are bank details
At least we know the government doesn't...which is nice....
Could someone please explain why the National Audit Office needed names, addresses, date of birth, national insurance numbers and bank accounts details of Child Benefit claimants?
In the name of God...go.
For all those people who are concerned about what our government will/won't do about data security when it comes to ID Cards, how about ContactPoint - the index of EVERY child in England which will be launching in 2008?
Don't forget the idea of this system is to enable information to be safely shared by practitioners across the country. Let's hope that no-one manages to hack the system or "lose" the data on disks whilst they're out and about....
I do not think it would be reasonable for Darling to resign over this. (If we don't get our money back from the Northern Rock fiasco then maybe). However, what this case does show, in conjunction with cock ups in other depatments over the years, is that we cannot trust the Government system to protect our private details. Therefore, we cannot allow ID cards to come into force. The Government would then be entrusted with the knowledge of every aspect of our lives and, we can pressume, the fraudsters are their most fervant supporters!
Darling seems to be saying that safeguards are already in place, but were breached. The issue here is to make sure enforcement is in place, where the only breaches would be far from accidental, and staff could therefore be held to account. These measures include not allowing any member of staff to download the entire database, data encryption, and not allowing non-IT staff to have CD burners or access to any removable drive. All of these are standard practice in the banking sector - something that the highly-paid Govt consultants should know full well. The other issue of the laptop could also be fixed by not carrying data on local hard drives, but keeping it on servers which are then accessed remotely. If outside parties like the NAO need access, then they should be given a secure, remote access of their own, and not need to rely on data being posted.
The good news is that given the fact that the parcel is probably on the floor of a postal warehouse somewhere, it is pretty unlikely to fall into the hands of someone with the IT skills, inclination and fraud skills and contacts required to do any significant damage.
Still, to be on the safe side, a new Government wouldn't go amiss ;-)
Recently a website called myfootballclub.com made up of 20,000 proper football fans bought a league football club in Kent because they reckoned they could run it better than the management.
Is it time we started mycountry.com and let us run the country because I reckon this government's management under GB is more like Pub League than Premiership!
So they lose records of somewhere between 15 and 25 million people,they also say we are underthreat from terrorism and want to set up an ID system for everyone in the country.If they can lose these records what is the point of an ID card ??????
Gordon Brown wants a motto for the Country,how about-"Complacancy,Muddle and Bungle.
Pretty well describes Government today.
I would laugh, if my name, address, bank details etc, weren't on these blasted disks. Osbourne is spot on, it smacks of basic incompetance within government departments, of which HMRC is supposed to be amongst the best. I am staggered that it is even possible for a junior official within a department to be able to create CDs with personal records on. This is an unbelievable failure of security at the most basic level.
It is quite inadequate that just the Chairman of R&C should go. There needs to be an identification of the people involved and their supervisors and those who allowed this to even be possible, ie IT management, and they should all be marched off the premises. Only when people are held accountable for their actions and failures will we see an improvement in this country's wretched administration.
So the government knew about the problem for 9 or 10 days.
Now we all know why it took them that long to let the people know about the issue.
1 day to tell Mr Darling
1 day to tell Mr Brown
1 day to cast about for a scapegoat
1 day to consider that HMRC were set up by Mr Brown.
1 day to think of another scapegoat.
1 day for Mr Darling to say he'd only been there 5 minutes.
1 day to look for another scapegoat.
1 day for him to consider resigning with a 12 bore to his temple.
1 day to mention it in Parliament.
Simple
But probably better for the country of Mr Gray had stayed and the other two resigned.
Buried today:
number of failed asylum seekers who are sent home: falls to a new low.
Government borrowing way over budget.
This lot are out of control... except old habits of burying bad news... etc...
The data could not be encrypted: ANYONE who encrypted it would know about security and not use a courier..
So all the data is there for a £500 per account fraud x 15 million accounts over the next 5 years... and I bet apart form NHI/Bank/Address details it has emails and phone nos as well..
Stand by to lose money and get more spam and threatening phone calls.
#13 Unixman - Initial indications are the disks *were* encrypted with password protection of some kind.
#19 Why wait 9 or 10 days? To look for the missing disks! It'd be stupid to worry millions of people because an envelope fell behind the radiator.
#40 Simon - It's very unlikely that this is connected with any changes in tax policy. The NAO isn't part of HM Government, it's independent. It's like sending your accounts off to KPMG or your local accountant once a year for audit(or in this case, twice a year).
#43 Steve - No connection with the postal strike. HMRC used TNT as part of its internal post, a private competitor against Royal Mail.
#44 Max Sceptic - HMRC isn't a government department.
#47 Andy Staig - Auditing means checking that money was paid to the right people. You have to know who the right people are.
All the above info was gained from 15 minutes reading Darling's statements and Ö÷²¥´óÐã/Guardian reports. Some junior officials at HMRC may have made some stupid mistakes - but haven't we all? And no, I've never worked for gov't or Labour.
Angus #52: don't forget that the vague term "junior official" is used by government for a variety of spin purposes. (I seem to recall that David Kelly was dismissed as "relatively junior" or some such term when it suited their agenda.)
I suspect that, in this case, it is being used to imply that the problem was a one-off random action by a rogue trainee rather than something more systemic, because the latter would expose the Treasury not just HMRC.
Nick
It amazes me with you how you only see one side of othe argument you should report both side on a less bias way Osbourne must be your best mate because if you think that the majority of british people want to listen to his rubbish you have another thing coming,maybe you should join sky,on that note as some one has pointed out this is common place for the revenue to have things turn up in other places have you asked that question.
Try working there!!! (though thankfully not in the part that has "lost" the data) I wish I knew where these cushty jobs in the civil service were because I would go and work there. I spend my days working faster and faster and getting further and further behind. Why? Red tape, paperwork that takes up 60% of my time and is only related to showing that we meet our targets, a lack of staff - the workload is going up and the numbers are going down and a department that is increasingly reluctant to tackle the ones who do not want to pay. Believe you me we are as frustrated as those who we deal with and have just as much power to do anything about it. The stress levels in the civil service and the institutional bullying is creating ever higher sick levels but everybody just think you are skivers. Try telling the people at the top and dont blame those who are doing their best to make a system work that is inherently flawed. The only reason there are not daily disasters is because the majority of us who work there genuinely care and want to solve the problem and so do their best to sort it despite rather than because of the myriad of internal rules. (PS Sorry for the rant I just get annoyed by those who moan at the civil service but who have never worked in it)
Oh dear... Yet another problem for Brown and his Government. We've had the Northern Rock fiasco, the migrant workers fiasco and now this. These people are supposed to be running the country - as Osbourne said 'Get a grip.'
I predicted some months ago that Brown would end up like Major - the parallels are already becoming obvious. Please don't let this country be governed by a Government that lurches from one crisis to the next. How long before the knives come out and Ministers start blaming each other...
Just another typical day in the running of this country.
What now for ID fraud?
Re comment #49 about the database of every child in the UK due for implementation in 2008. It should be noted that the children of "VIPs" e.g. celebrities AND MPs, will not be included on this database "for security reasons". Another example of one law for them and another for the rest of us...
Like Andy Staig I too would like to know why the NAO needed such details. What exactly were they looking for?
I hope that the inquiry will examine this.
Andy Staig (Comment Number 47)asks why the National Audit Office needed information about child benefit claimants. No doubt the answer is for the compilation of yet another expensive set of meaningless statistics.
Others have commented on the inability of central government to operate any large IT project efficiently. I would broaden the accusation and suggest that governments, of whatever party, cannot run any project efficiently. The political pressure on politicians to be seen to be making changes/improvements are inconsistent with good management.
I've had enough of this lot. Surely it's time for them to go.....
Huge databases are part of this Government's POLICY and like with the Iraq war, they have been warned of the pitfalls.
Even Microsoft say it's dangerous to maintain identity data bases on the level planned by the Government as no level of security can guarantee against them from being compromised.
Would I like to see the Chancellor resign? I’m not sure but I would like to see the Government admit their mistakes and scrap their £5.4 billion scheme for ID cards with the accompanying database of everyman, women and child in the UK.
Where is Gordon Brown? He seems to have disappeared from the face of the planet.
One cannot but feel sympathy for Darling.However,if this is not a resigning matter - what is ?
Absent a written constitution, compliance with a series of conventions has been a key feature of the conduct of UK government. One such convention was the acceptance by ministers of responsibilty for errors by their civil servants, with resignation in serious cases.
Behind that convention lay the reality that the operational environment of civil servants is greatly influenced by government and its ministers - New Labour more than most - via eg policy, budget allocation, manpower levels,top down targets and political pressure.
This convention is one of many trampled underfoot by New Labour, greatly to the detriment of good government eg government by cabinet to government by sofa, independent civil servants to ministerial advisors, communication via Parliament to spin via media.
Perhaps in this case we have moved to a new, modern convention:
"Nothingtodowithme.gov."
Sounds like the Treasury's going the same way as the Ö÷²¥´óÐã Office. Next it'll be the Foreign Office - that could be very messy indeed!
I worry about a situation where a leading and competent civil servant leaves because some idiot employee doesn't follow the well established system and just does is own thing.
I worry also that this is used as an excuse for some opportunist people to look for Darling's scalp.
In private business if an employee makes such a major mistake they are sacked on the spot and other employees are warned by the boss that if they do similar they will also be out on their behinds.
About time public institutions were run on the same straightforward lines. And the politically twisted opportunists told to go get lost.
I see there is going to be an enquiry.... what a waste of time. Problem: CDs got lost in the internal mail. Answer: don't put sensitive data in the internal mail. Get a bike courier to go direct or better get off your fat lazy arse and walk it round yourself....
HMT (SW1A 2HQ) to NAO (SW1W 9SP) = 1.6 miles.
The question I would like to see answered is just where the CD burner used was situated. Anyone with even a shred of IT savvy knows that CD burners and USB devices are a major area for potential security breaches.
Was it possible to burn these disks in the general office for instance without any physical oversight? If that is the case we are looking at a major can of worms. We know about these disks but what about those that could have been made without authority?
We need confirmation these disks were produced by approved staff (usually IT) operating a CD burner that was in a locked and secure server room. If this in not the case. If these reecords could be downloaded at any PC workstation then any information saved anywhere on that network must be considered compromised.
I trust you will be seeking an answer to this Nick!
It seems incredible that functionality should be built into these database systems to just copy all the data. Surely someone should have thought about protecting these idiots from themselves.
Um, junior officials, eh? How junior; have they been sacked or are they facing disciplinary proceedings? And if they really are 'junior' - what, a couple of clerks? - was it wise for them to be handling such sensitive data without adequate supervision or proper briefing? Or have job cuts gone so deep that too few people are being asked to do too much?
As usual the majority of comments here have been posted without having heard Darling's admirably clear statement of the facts; either that or people can't understand plain english. Even in the House the Tories* were eventually reduced to using the operational cock-up only to criticise the introduction of ID cards.
(*except of course the senior backbencher who didn't seem to understand the difference between Child Benefit and Child Tax Credits - a confusion also evident among some of the contributors here.)
It has been pointed out that a 14 year old schoolboy could probably tell you how to secure these IT computer system data exit points.
But culturally within these Government organisations, the 'OxBridge' types would not want to even think of getting their hands dirty down at the coalface.
So, it turns out that the 'donkeys' within Government departments are often lead by very cultured, but nonetheless, donkeys, all the same.
Of course, the security 'solution' will be solved by throwing loads of taxpayers money at the likes of IBM, EDS etc.
You really could not make it up.
A few years ago, at a pre-election meeting, an American lady journalist asked Tony Blair "Why is this a country where nothing works as it should?".
She got a jokey answer but unfortunately for English people, that is still a very valid question.
What I find incredible in this fiasco is that someone can access this information (at apparently a low level) and make a copy and 'post it off' as if it were a mere letter. What is the probability of receiving a normally posted leter in this country? How many more copies could be made and smuggled out of HMRC offices by low level staff? Perhaps we should get the secret service to run things? Or perhaps they have the same mechanisms? Given the high number of government 'leaks' perhaps government data is none to secure wherever it is held?
Is it not only a few months ago that discs were also lost from standard life when they were sent in the post?
Oh dear, when when the last time you called a governemnt deparment. Name? National Insurance Number ? First line of your address and post code please, perhaps a date of birth. Ok Sir what would you like to know perhaps how much you earned last year of perhaps your medical details. No problem Sir.
What a bloody shambles. There are SOME serious questions be answered.
How on earth can someone download that amount of data without an alert being triggered? This data could be available to the wrong people for years. I can change my bank acount but i can't change my or my childrens date of birth or even my National Insurance details, possibly could cahnge my house but that would take time.All the type of details other companies as well as government depts ask for.
Nick its up to you and your colleagus to ask this governemnet some very awkward questions.
ID cards? Go to hell!
Yes Alister Darling is in charge, but the problem arose when Gorden Brown as Chancellor cut their spending.
I doubt if Alister Darling really is Chancellor but rather taking orders from Gorden Brown.
Trouble is there's far too many Jack of all trades in this Government who seem to know all and be able to do everything.
This is very serious issue more serious than Northern Rock and to have to wait 9 to 10 days to find out is a utter disgrace Mr. Brown on a security issue, Government heads should roll, but no, "Not my fault gov".
It would be awfully interesting to hear what New Labour had to say if this happened to the Conservatives
Just one question.... Who's idea was it to keep it hushed up when people could have been having their accounts zapped?
Be interesting to see what happens if money did go missing from peoples accounts and two or three 'young Joe Blogs' popping up because of this.
I'll tell you what is most infuriating about this benefit data cock-up.... the Inland Revenue and the National Audit Office, arms of Her Majesty's government ( and God knows how many others there might be) send their mail, secure or otherwise, by the private firm TNT ... and not by Her Majesty's Royal Mail. Competent ? .. no, just a bunch of clowns claiming to run the country. Words like "booze-up" and "brewery" come into close juxtaposition in my mind.
So, Darling didn't lose the discs himself...didn't slip down the side of his sofa...whatever...
but he was a little bit slow off the mark in alerting the police?? the public?? those affected should have been given more of a chance to protect themselves. Darling has to go!!
I carry out process audits and have done so for a number of years in both private and public sector. I have never come across anything so incompetent as this. The information is classified - there should be set procedures and an oversight procedure in place. Downloiading or copying material onto a PC is easy to prevent, but obviously the IT security has failed as well. The individuals responsible have to be severely disciplined, and most likely will be sacked.
As for the political aspect? Labour is finished. There is no way they can recover from this, not with the sheer numbers involved. As Mr Darling correctly pointed out, there are no excuses. But he carries the ultimate responsibility. Procedures for any operation be it business or public sector have to be approved at the very top.
The icing on the cake will be to find that the "junior officer" responsible is an illegal immigrant. If that happens, then I think the Government will fall.
The only good thing I can see is the burying of the ID cards.
Three unanswered questions come to mind:
a) what level of authority does someone need to be able to create a disk with 15 million sets of details?
b) why was this being done? Even if it hadn't got lost in the post, why does the NAO (or anyone outside of the HMRC itself) need this information?
c) how many other government departments are carrying out similar practices and just haven't been 'unlucky'?
Is it the goverment's / HMRC's fault that an item gets lost in internal mail? No.
Is it 'management's' fault that such an occurance is even possible? Yes.
As a cautious supporter of this government, I feel ashamed by this fiasco. When my home computer is mor up to date than the treasury computers - something is going drastically wrong. Cable has got a reasonable grasp on this one - it is a huge institutional failure. I don't think Darling should resign - but he should remember.
I am very apprehensive about ID cards and intrusion on privacy anyway. If this government wished - it could brainwash people through their tight grip on the internet and other things that is frankly wrong. it's a shame they couldn't have a firmer grip on those CD's.......
The government should look at every institution it has got - and thoroughly examine it before it starts radically changing the country - or we will in for a bumpy ride ahead....
And this Government wants us to trust it with our private details for ID cards ?????? !!!!
The announcement that HMRC has, through poor process control lost ‘in the post’ the personal records for 25m people shows an astounding level of incompetence, if not gross negligence. The Government can not provide a cast iron guarantee that this information will not be used for fraudulent purposes. Perhaps the Chancellor needs to accept that quite possibly the World’s largest breach Personal data security, happened on his watch, do the honourable thing and resign.
Dear Nick,
This is complete chaos and madness, an absolutely surreal situation, that if it were a comedy show would seem rather over the top.
The best I can say is that Alister Darling should join the other Darlings in Never-Never-Land, for it seems that he is already away with the fairies......
I thought that most of our problems were over when we got rid of Panto Prescott and Bliar ..... Just shows how much I underestimated this regime.
In the name of God please just go NOW!
Come off it Nick, 25 million records? And you say that it's not the Government's fault?
Please stop the pathetic pretense of giving any benefit of the doubt to this unbelievably bad Government. I clearly remember the end of the John Major Government when the media was destroying everything they did on a daily basis. A lot of what the Major Government did really did deserve criticism, but sometimes the media had to stretch and go out on a limb. Particularly when John Major attended a Russian summit about the Balkan crisis, the media criticised his furry hat!
But John Major never even came close to the depths of corruption, incompetence and blatant anti-Britishness of this dire and tragically inept Government. They are truly woeful.
No money to the pensioners left destitute by the collapse of final salary pension schemes and yet Billions for rich bankers. The intention of compulsory ID cards to prevent a potentially massive and widespread ID theft bonanza caused by their own criminally neglectful loss of every families personal data.
How dare they even contemplate pushing ahead with their ID card scheme? How dare they dare contemplate using the word family in any of their future propoganda? They have potentially destroyed the financial future of millions of families. But so long as their fat cat elite bankers have billions of OUR money to bail them out, that's OK then!!!
Ray T @42 at 3;50 PM
Yes, Sir. That is right!
And because we can't rule out such personal error and structural failure, ID cards are a potential disaster.
Obviously this is horrendous. But to those people baying for Alistair Darling's head, can you honestly tell me that you would resign if a junior member of staff in your office who you didn't know and hadn't met ballsed up? This is not the Chancellor's fault but that of the individual and his or her immediate line manager who failed to ensure that procedures were followed. Anybody saying diffently is clearly just oa Tory looking for a bit of party politicfal ammunition. Even the rentamout they had on PM this evening didn't call for Darling to go as they know that this kind of thing could happen to any Government, Tory or Labour.
Why hasn't the head of the audit service gone as well??
What on earth did the auditor think about when asking for a pile of data to be sent to them for audit on an unencrypted disk??
These auditor guys are supposed to be ahead of the game, not part of it and the weakest part, to boot.
Perhaps it was one of the "illegal immigrants working in the security industry" who was working at HMRC and was responsible for this massive loss of sensitive data?
Absolute nonsense from most of the people posting here. They clearly have no idea what ministers and the government actually do, and cannot and do not differentiate between the government and the civil service. Things will always go wrong - that's life. No change in government or minister will change that. Yes - this is a mess, but (1) not nearly as serious as some people are making out (so what if someone has my name, address and bank account number) and (2) the government have handled this as well as any government would and could. Darling's apologised, it's being sorted out, that's actually all that we need.
If Alastair Darling resigns over this, it's only fair that Gordon Brown should go as well.
After all, Alastair Darling's only been at the treaury for five months whereas Gordon Brown was there for the past decade.
An attitude of complacency over things like security builds up over time and so, if anything, Mr. Brown is even more to blame for this cataclysmic blunder than Alastair Darling.
Contrast:
1. Chancellor Darling 20.11.2007 announcing the loss of "details of 25m individuals, 7.25m families - including children's names, addresses, dates of birth, NI numbers and where relevant bank and building society account details", which appear to have fallen into criminal hands, according to initial reports of accounts being emptied by people using this data.
with:
2. HMCR website on data spoofing 20.11.2007, last updated 2.11.2007, long after this foul-up was known(https://www.hmrc.gov.uk/security/spoofs.htm - use Frontpage to download a copy of the page and look at the HTML content) "While we may send you emails from time to time, we would never do so requesting login, bank and credit cards details."
Hardly necessary in the circumstances, is it?
Why blame Darling? He has only been in the job 5 minutes. The real fault lies with his predecessor.
Illegal immigrants in important security jobs - £5 million clean up
Helping out an ailing bank in a fix - £24 billion and counting
Losing the personal details of 15 million individuals - Priceless
For incompetency of eye watering levels there is the Ö÷²¥´óÐã Office, for everything else, there's Gordon Brown's cabinet.
It is currently not looking like an election for a good few months I am guessing!
how is alexander (#5) being too smart Terry (#10)? he's merely suggesting that we reserve judgement until we have further facts available to us.
To suggest that this failure is part of a pattern of government incompetence is, on the other hand, being "too smart".
Don't envy the government minister who'll be on question time tomorrow though!
Let's not forget the tax credit system has relieved child poverty significantly, even if it's complicated and has badly affected poor families who had to repay, ultimately it's had a positive benefit and we should look at that fact also.
Following Captain Darling's explanation of his activities during the last week on Today this morning, it's become clear that the Data Protection Commissioner has also been derelict in his duties. I quote the Data Protection Act 1998 c.29: "51. General duties of Commissioner.— (1) It shall be the duty of the Commissioner to promote the following of good practice by data controllers and, in particular, so to perform his functions under this Act as to promote the observance of the requirements of this Act by data controllers....(6) The Commissioner shall arrange for the dissemination in such form and manner as he considers appropriate of—...(c)such other information as it may appear to him to be expedient to give to data controllers in relation to any personal data about the protection of the rights and freedoms of data subjects in relation to the processing of personal data in countries and territories outside the European Economic Area."
It continues in Schedule 1, the Data Protection Principles: "6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."
As there's no knowing who's got this, but that the big criminal gangs are outside the EU (Albania, Russia), then the Data Protection Commissioner's not only been totally remiss in his duties, but has also totally compromised his supposed autonomy from political influence, he's collaborated with the Chancellor up to the bald spot on the top of his head. He should never have said, "hang on and see if you can spin it away", or words to that effect, he should have said, "I'm sorry, but it's my responsibility to warn the other data controllers - ie the banks and the individuals in question - what's happened." This he saliently did not do, giving another week or ten days to any criminals to strip accounts.
Then there's the banks. If they knew over the weekend, how come they never informed their customers? Equally, how come they can monitor the bank accounts of half the population at the behest of the government without informing anyone, without a Court Order, or anything?
This stinks worse than the original failure, and if there's a run on the banks as a whole as a result while people vote with their pockets, perhaps it's to the good in the long run. As things stand, the failure of the government to learn the first thing about keeping public confidence is terminal.
There's nothing to be gained by pursuing Darling's resignation, he's just the monkey. The organ grinder Brown is responsible for this cockup and he knows it. Cameron who should be rubbing his hands with glee for today's PMQ's
A further aspect: my widower's pension includes a child benefit element (I'm not in the UK, so I wouldn't have a direct claim if it weren't for the existence of the pension). The emergency line doesn't know anything about this, as they say that they're only dealing with child benefit questions and that I'd have to ask the Pensions administration.
What were the limits on the database?
HMRC are currently in the process of shedding thousands of jobs in a government 'cost cutting' exercise.
A 'junior' officer is blamed for sending the personal data of millions of people to oblivion! (I wonder if this person was actually a temp?)
The government says the problem is operational but studiously ignores the fact that they've set the agenda for the operation.
Unfortunately for Darling he's in the hot seat and he should fall on his sword. To paraphrase Caecina Paetus (Oh no, I'm turning into Charles 'H' Hardwidge!), 'Non dolet, Care!'
The HMRC use 400 operators to man the
VAT problem.
The password to use is for Vat registered is their VAT number,for
non vat reg their postcode,for members of the public their post code
for Charities their reg charity
number.
For fraudsters any of the above
Once you have given the above to the
poorly trained operatives they accept
that you are genuine & will freely
divulge anything they have on any
file.
The HMRC were told of this by me 9
months ago but totally ignored it
All conversations are recorded & by
law the HMRC are bound to send a copyto any party when requested.
The HMRC when asked for A copy I had
where confidential details were given to me refused.
Gordon Brown was notified by me BUT
HAS FAILED TO FOLLOW THROUGH.
No company, firm,individual,charity
or organisation are safe due to
the lack of security of the HMRC
S.E.Smith
I am simiply staggered that the discs were entrusted to the Royal Mail. That said, my postal vote has gone missing on 2 occasions and no one in the Department for Constitutional affairs or my MP will admit that relying on the post is incompetent, simply it is too expensive to send all votes recorded. I wonder if that is the same reason the discs did not go recorded delivery!
I haven't heard them blaming the previous administration - obviously everyone's now wise to that.
What I *am* worried about is that we've come to accept the explanations of Ministers, and we've lost sight of objectivity.
It's *us* that have become "dumbed down" because of all the yarns we've been spun over the last ten years.
We're beginning to accept incompetence and mediocrity as normal, which surely is the most shocking thing. :-(
The government has created a set of circumstances that has reduced the civil service to one large catastrophe. Charles (see earlier post) would like us to allow these same incompetent individuals to clean up the mess of their making. I simply do not believe that he would argue such a case where he was directly involved. Instead you would sack them or call for them to be sacked. Why on earth would anyone trust these individuals ever again?
Added to this is the fact that any of the improbable arguments in favour of ID cards have simply been undermined. There is the potential now that the wrong person could register their biometrics as if they were someone else simply because all of the requisite data ia potentially out there. Adding the wrong biometrics to a name / NI number is now a real threat. If someone nicks your ID in this way, how do you then prove who you are?
Overall, there is every reason for the current and former Chancellor to step down. If this leads to an election, so be it.
Come back Tories all is forgiven.
Black Wednesday for which the Tories were blamed ( it should have been the Germans not holding to the reality of ERM membership) cost the tax payer £3.4bn, very small beer compared to £24bn exposure to Northern Rock. What with the incompetence of estimating the number of immigrants since the accession of the former Eastern Bloc countries, lies over Iraq, losing personal data has to be the last straw. I heard poor Darling saying this AM that the other parties are also culpable because they agreed with the merger of Inland Revenue with HM Customs and Excise - I nearly choked on my toast. What a pathetic attempt at mitigation - clearly he is not competent to ensure that his department actually works - and what an indictment of the mess left by the previous Chancellor. I would not trust this lot to run a bath
ok lets point to the facts darling is between a rock and a hard place, the fact of the matter is that HMRC is independent from the government it is an autonomous body and therefore whilst it answers to the government it is snt being run or administrated by the government, so the fact is that it is an "Operational" failure rather than a policy one mean Darling isnt responsible "Gray" did the honourable thing and resigned however Darling should sort out the mess, and not go the one thing we need in al this is is continuity, so sacking the chancellor is nt going to change the situation, however just as a sidenote "Gray" went so why the hell hasnt Ian Blair
ok lets point to the facts darling is between a rock and a hard place, the fact of the matter is that HMRC is independent from the government it is an autonomous body and therefore whilst it answers to the government it is snt being run or administrated by the government, so the fact is that it is an "Operational" failure rather than a policy one mean Darling isnt responsible "Gray" did the honourable thing and resigned however Darling should sort out the mess, and not go the one thing we need in al this is is continuity, so sacking the chancellor is nt going to change the situation, however just as a sidenote "Gray" went so why the hell hasnt Ian Blair
I work for a major bank in IT. Had such data been lost (leaked?) into the open from any bank, there would be hell to pay. Heads would roll (very quickly), the bank would be held up for major censure.
The loss of the two discs is totally inexcusable and is unfortunately typical of the raging incomptence that afflicts most of the public sector.
Perhaps the whole sorry mess should be bulldozed into land fill and private companies engaged to manage the country. Oh, ah, that's already happening for quite a lot of stuff! Water, rail, waste! What next?
Words fail me, as with many others no doubt. How could a junior in the establishment have easy access to these kind of records?
At 17 I worked in council payroll, I was trusted with a lot of confidential information, but at NO point would I have been given access to a CD drive to copy it and send it to anywhere I chose to.
At 28 I have a 2 year old son and wonder how these days, a junior work person has so much authority to let me, my wife and sons details be somewhere within the UK and the statement released didnt even explain if this "junior" had been suspended from duty... lets hope so, ey?
Words fail me, as with many others no doubt. How could a junior in the establishment have easy access to these kind of records?
At 17 I worked in council payroll, I was trusted with a lot of confidential information, but at NO point would I have been given access to a CD drive to copy it and send it to anywhere I chose to.
At 28 I have a 2 year old son and wonder how these days, a junior work person has so much authority to let me, my wife and sons details be somewhere within the UK and the statement released didnt even explain if this "junior" had been suspended from duty... lets hope so, ey?
Matt #57 wrote: "#44 Max Sceptic - HMRC isn't a government department". I wasn't talking about HMRC - I was talking about the Treasury under whose remit it falls.
How long before Ian Blair's clever little head comes up a distraction to detract from the crisis, like, Al Qaeda has now got the two discs, and the police needs more power to invade and arrest and declare a national state of emergency.
Transparency from Labour? Sure, they are so transparent that we can anticipate every scheming move of theirs. Not clever.
to Malcolm @ 96.
"Yes - this is a mess, but (1) not nearly as serious as some people are making out (so what if someone has my name, address and bank account number)"
You naive soul. How many computer experts do you need to be lining up to be on television and in the media telling you that there is enough data about each family to empty their bank accounts or set up another account in your name and build up huge amounts of debt that they will never repay. The Government has set up the agencies and oversaw the systems of data mining and gathering ever more information about all of us (aided and abeted by gullible fools crying nothing to hide, nothing to fear) for years, without setting up any systems capable of protecting the very private and delicate information that they were supposed to protect. They have treat the families of this country with contempt for years. We are nothing more than a ready cash cow to these ministers.
The duty of care and any contract with the nation based on trust has been utterly destroyed.
This is clearly a monumental foul up of staggering proportion, but would seem (it is hoped and being generous to a fault) down to human error and non compliance with the Law, rules and protocols. However what troubles me more is that it opens up very serious concerns for the security of us all, not just the potential release of personal information to undesirables on 25 million citizens of this country. If it is so easy for a junior member of staff to have access to and ability to copy and post such important & sensitive information, how easy would it be for a "group intent on subversion of this country" to infiltate any Ministry/Government department and source information to undertake cyber terrorism?
We have been warned by this event.
Shouldn't there be a vote of "no confidence" in this government now?
If you think this is bad just wait until EVERY persons data is uploaded onto the NHS spine!
Shouldn't there be a vote of "no confidence" in this government now?
If you think this is bad just wait until EVERY persons data is uploaded onto the NHS spine!
Re Comment from Albanian -
"...Re comment #49 about the database of every child in the UK due for implementation in 2008. It should be noted that the children of "VIPs" e.g. celebrities AND MPs, will not be included on this database "for security reasons". Another example of one law for them and another for the rest of us..."
Having been involved with this system's implementation, I can confirm that all of those children mentioned WILL be included in the database - however, it will be possible for records to be "shielded" in cases where there may be risk of domestic violence, child protection issues etc. I don't think "celebrity" children (or MPs children) would be shielded unless someone could point out that there was a real risk to their whereabouts being known.
Here we go again. Ministers are responsible for the operation of their departments and agencies. However, they are not responsible for the actions of individuals. Can this ever be a satisfactory position where strategic faults have been exposed in how a department or agency is run as a result of the mistake of a 'Junior Official'?
Quite obviously, HMRC operates in the way that it does because it can. That points to a clear inability to manage the agency. Why was the Chancellor not aware that such lax systems were in place? Was the Chancellor aware that the strategic decisions to reduce staffing and to merge agencies had caused these problems to escalate? If he was, then he should resign. If he wasn't, he should resign. Having said this, I have a huge amount of sympathy with the view that Brown is the real culprit.
Meantime, these people turn up to the Commons and perform their party political routines with absolutely no regard for the implications that their incompetence has had on the electorate. When they are not in the Commons, they are on TV or radio studios where the discussions are time limited and somewhat sterile. In these circumstances, they posture and preen and carry on collecting their salaries as if they are the solution rather than the problem.
I would suggest that PMQs be replaced with a weekly audience with the public. The speaker need not apply as the independent arbiter for obvious reasons. I would propose that Jeremy Paxman would be much more effective in allowing a real debate to take place. In these circumstances, I cannot believe that the PM or the Chancellor or whoever, would be left in any doubt about the consequences of what they do or say. We might even get back control of our government.
One point that I have not seen mentioned before is why the NAO required the entire contents of the database?
In any professionally managed database you would produce a report output based on selected required fields - not the entire database contents.
I can't see any reason why the NAO require bank details just to establish who is being paid Child Benefit?
This is due to total lack of thought, procedure and anything resembling common sense.
Also; if you send items in the post how the hell do you know who is going to open them at the far end?
Data like this should ALWAYS be encrypted electronically and sent by SSL or other secure protocol to a specific destination. This sort of data should never even be copied to a CD.
The image of a hapless, overworked or ill-informed junior civil servant sending these disks through the post misses the point completely. At PMQ on Wednesday, Gordon Brown trotted out the plainly agreed government line that the recent data breach was an operational failure, not a "systemic" failure. This is absolutely wrong, and touches on basic system considerations taught on all undergraduate IT courses.
It should not be possible for anyone below the highest security clearance (required only for system maintenance) to download the entire database. It should not be possible to burn disks using any workstation within the department involved. It should not be possible to send unencrypted critical data anywhere, on- or off-line. Rules and procedures for staff are meaningless in the area of data security. The only security worth having is if the computer just says "no" when told to do something which should not happen. Otherwise the feckless, overworked or malevolent will help themselves.
It was inherently a systemic failure, because it happened when it should not have been able to happen. Perhaps the PM has been misinformed. Perhaps he does know how these things work. Either way, until the government fully understands the issues involved none of us can allow our security to be unnecessarily compromised by administrative ineptitude. The proposed ID card database cannot be allowed to go ahead in the current state. Whilst biometric data can securely identify individuals, if it is even remotely possible for someone to substitute their fingerprint for mine, and thereby hijack my secure identity, the proposed ID database is useless.
Not only useless, but dangerous.
I am certain that I saw on News 24 this morning the Information Commissioner say when asked if a crime had been committed, Yes certainly.
Why is no one reporting this?
Oh well! What has become of our systems today? Poor customer services, corrupt case workers, illegal workers, poor security checks etc; the list goes on and on and on and on …
Where does all the tax payers’ money go? And what purpose does it serve? I would rather believe that billions of pounds are spent on improving data protection systems rather than being told that some kid has lost millions worth of people’s personal information. I would rather pay thousands of pounds for an impartial application of a UK visa than be approached by someone revealing to me copies of my Ö÷²¥´óÐã Office file; claiming that he can sort-out my settlement in the UK for some petty change. I would rather ….; but not to be overwhelmed by such disgust as failing systems and policies.
It is the failure in such prominent government environments that end up costing the tax payers billions of pounds and even their life.
Such unnecessary mistakes must not go unpunished!
Dear Nick,
I wish the westninster chatters would shutup about the minor irregularity of how people choose to make donations to the labour party.
You all sound like a group of silly village gossips.
What has happened to political discussion, perhaps that is beyond your brain power.
Michael
THESE GOVERMENT DEPARTMENTS HAVE BEEN PLODDING ALONG FOR YEARS, THEY DON'T REALLY CARE WHOS'E IN GOVERMENT BECAUSE THEY FEEL THERE JOBS AS SAFE AS HOUSES, AND THE THOUGHT THAT THINGS COULD BE CHANGED HORRIFIES THEM? SO LOOK OUT ANY MINISTER WHO TRIES IT ( A BIT LIKE THE TV PROGRAME?) RED TAPE BLUE TAPE WHATEVER, THEY ALL WANT SORTING OUT, AND IF THEY ARE INCOMPETENT SACK EM, AND IF THEY ARE GOOD PROMOTE THEM, AND IF THERE'S TO MANY OF EM, STICK EM IN THE CHILD AGENCY ( WHICH IT SEEMS MOST OF EM HAVE GONE) AND TELL NIC TO LOOK AT THE TORIE RECORGD ON THESE THINGS? BET IT'S WORSE AND ALL SWEPT UNDER THE CARPET, AND AS FOR LIBERALS YOU FIND THEM UNDER THERE TO GEREATRIC GEORGE (PEASANT)