HMRC: Data lockdown complete by 2011

Useful Poynters

HM Revenue & Customs (HMRC) has promised to have the recommendations of the Poynter Review implemented within the next two years.

The review was designed to prevent another data debacle like the one that saw HMRC lose the details of 25 million people in 2007.

Among its recommendations, the review advised the phasing out of data transfers using physical media, and the encryption of computers and portable media.

According to the HMRC's latest performance report, the department will make its "best endeavours" to implement the review's recommendations by 25 June 2011. "Good progress has been made in strengthening data security" within the department, the report added.

The HRMC has already blanket blocked bulk data transfers that aren't business critical until their security can be improved and stopped staff saving data to portable media including USB sticks unless "there is a compelling business case to do so".

Asked if any of the data transferred to portable media will be unencrypted, a spokesman for the department said: "There's more chance of Father Christmas coming to visit me in the office. In order for [data transfer to portable media] to happen, there has to be an authorisation from an extremely senior person and then any information has to be encrypted."

As well as technological changes to boost data security, HMRC is altering the way staff and management approach the issue.

All workers are being given data security training, as well as a guidebook on the subject and every HMRC directorate now has a data guardian, "acting as an expert and champion for data security within their business areas".