Trust in government tech lost on two CDs

The government has not only lost 25m confidential records — it may also have lost whatever faith the public still had in its ability to safeguard their data
Written by Leader , Contributor
It's hard to believe that a body charged with the personal details of 25 million people could allow that entire database to be downloaded to discs, and lost.

Harder still to believe is the government's fumbling explanation of such a mind-numbingly huge loss of data.

For a start, we had the chancellor of the exchequer, Alistair Darling, stood at the despatch box in parliament today stressing that people are not at risk of ID fraud. He added that banks will reimburse any losses.

Darling failed to say what losses there could possibly be from people's bank accounts if there is actually no risk of fraud. He failed to state exactly which banks would reimburse people. And he failed to say how people could show the banks they had been the victims of fraud in a case where the risk of fraud was nil.

This is farce of the highest order.

The potential for ID fraud on a scale never before seen is clear. What is required for ID fraud? Details such as names, addresses, dates of birth and national insurance numbers are a good start. Bank details are the icing on the cake. And what was lost? All of the above.

Alistair Darling's comment that people are not at risk from ID fraud is at best naive and at worst negligent.

Furthermore, as we delve into the issue, it simply gets worse and the questions more numerous.

We're told that the data was password-protected — but what does that mean? Was the data actually encrypted and, if so, how?

Who thought transporting such information physically was the best way to do it? We're told that a junior official was responsible — but why do junior officials have, or indeed need, access to the entire, downloaded database?

And why did the junior official think that a courier was the best way to transport such a vast database of such valuable, personal information? Is data security at HMRC really so bad that sending physical CDs was considered more secure than electronic transmission? What risk assessment did they use to come to that conclusion? Is there even a risk-assessment procedure in place?

We can be sure that, as the answers unravel, even more questions will emerge. One thing we do know: this fiasco makes the claim of the Home Office that it is a safe pair of hands for the national ID cards scheme look as empty as an HMRC CD pouch. 

Editorial standards