Enormous UK Privacy Disaster

A huge fiasco in England — Her Majesty’s Revenue and Customs office (HMRC) mishandled and then lost two CDs containing private tax data on 25 million UK families. Alastair Revell, who blogs for IT Director, says this:

Apparently, the CDs were sent by internal mail without being registered or recorded in any way. It was clearly an accident waiting to happen.

Worse still, when they didn’t turn up, it seems from the statement made to the House of Commons by the Chancellor of the Exchequer, Alistair Darling MP, that a further copy was sent by recorded delivery, which apparently he believes should not have happened either!

It needs a moment or two just to reflect on the enormity of what was done here, not once, but twice. Sensitive details of just under half the UK population were sent by internal post between two offices with little consideration for its security. It seems the first reaction of those who discovered that the data hadn’t arrived was to resend it, not to ask what had happened to it!

Furthermore, it seems that Mr Darling knew of the security breach on 10th November 2007, but did not instruct HMRC to inform the police for four days. Exhaustive searches have not found the missing CDs, although by their very nature, no comfort can be drawn from their recovery. They could easily have been copied at any time in transit, let alone after they had been lost. The data has been compromised!

The astounding reality is that just under half the nation’s personal and banking details have been compromised by employees of the government.

There is so much apologizing going on in London today, you could probably see the tears from a satellite. However, according to the trade site Government Technology, it happened before, and recently.

This latest incident is not the only time that HM Revenue and Customs has allowed data on British citizens to potentially fall into the wrong hands. In September, a laptop containing personal information on thousands of investors was stolen from the car trunk of an HMRC official. Last month, in a separate incident, a courier being used by HMRC lost a CD containing details of 15,000 Standard Life customers.

“If this data fell into the wrong hands it could be sold off piecemeal to organized identity theft gangs over the Internet for a handsome profit. Within minutes information can be duplicated and passed around the world for criminals to exploit,” said Graham Cluley, senior technology consultant at Sophos. “Hackers have set up auction sites on the shadier areas of the Internet for hawking their stolen wares to interested parties. Everyone will be desperately hoping that if a criminal has intercepted the CDs that they do not realize the value of what they have stolen, and the data will not be exploited.”

That’s really all they’ve got — a prayer that nothing bad will happen, and advice to all the families to be on the lookout. Public outrage threatens the Labour government of Prime Minister Gordon Brown. Guardian columnist Jonathan Freedland wrote:

Loyalists say that this was the kind of human error that could have occurred under any government, but this episode cannot be brushed aside so blithely. It matters deeply because once a government loses its reputation for competence, it starts losing its claim on power. That’s especially true of Brown, whose political persona for the last decade has been built on his perceived capability. Never mind that he couldn’t do small talk or grin on TV, at least he was competent. If that goes, Brown does not have much else left. Note the weekend opinion poll that found that Brown’s job approval rating has plunged from plus 30 last month to minus 10 now.

The TimesOnline columnist Alice Miles is a bit more blunt:

Idiots. Utter, unbelievable, jaw-dropping, unpardonable idiots. It is beyond farce, past comprehension, criminally irresponsible and beneath contempt.

But a comment to her column is a more eloquent expression of public frustration:

If a bank does this to its customers it gets pilloried in the press and fined by the FSA, at the very least. But we can choose our own banks. We live in Walthamstow (Attlee’s old seat) – we cannot choose the Government. My wife used to collect the child benefit at the post office down the road. Then this Government said it would be more efficient to pay it directly into our bank account. So they do – and tell everyone else our details. More efficient for the banks and the civil servants and the crooks.
