HMRC data loss blamed on targets

Security expert Merlin, The Earl of Erroll, believes targets and budgets rather than individuals should be blamed for the loss of 25 million UK citizens' confidential records last year

Last year's data-loss debacle in which HM Revenue & Customs lost millions of UK citizen's personal details was the result of excessive targets, according to a member of the House of Lords.

In November 2007, HMRC admitted it had lost two CDs containing the details of 25 million individuals. The CDs are assumed to have been lost while in transit to the National Audit Office. According to Merlin, The Earl of Erroll — a noted IT expert who is widely regarded as the only Lord with programming skills — the scandal was "because of targets [and] budgets" rather than being the fault of individuals.

Someone had to get the data somewhere else to meet a target, said Lord Erroll, during a panel discussion at the Infosecurity security conference in London on Tuesday. Having simple procedures doesn't work if the only way to hit targets is to bypass those procedures, he added. "We live in a complex world. The moment you try to use simple rules and controls, they don't work."

Richard Thomas, the information commissioner, was speaking on the same panel. He said that Gus O'Donnell's review of the HMRC data loss would lead to new guidance for the public sector being issued "later this month", and suggested this guidance would have an "emphasis on accountability".

"It has to be the chief executives and the permanent secretaries who take responsibility when things go wrong," Thomas said, referring not only to the results of the O'Donnell report but also the Burton report into the loss of 600,000 people's data by the MoD — an incident in which unencrypted data was held on a laptop that was stolen from a car seat.

Thomas also questioned the amount of data being held, stored and shared in such cases. "Data protection is not just about data security," he said. "Data protection is to a large extent about data minimisation. Why were 600,000 people's details being kept and why for so long? Why was the entire database transferred to a laptop, and why unencrypted? Only then do you get to the question of why it is left in a car."

In the case of the missing HMRC data, it emerged soon after the loss occurred that sensitive information, such as bank details, was supposed to have been stripped out of the databases on the discs before they were sent to the National Audit Office. It had, however, been left on the discs because of the extra costs that would have been incurred by stripping the information.