Wednesday, November 21, 2007

HMRC's Staggering Incompetence

The HMRC and Treasury finds itself further in the mire today, as more details emerge about the colossal failures of security in respect of the loss of child benefit data.

Yesterday I wrote that 15 million people were affected, in fact the figure is a mind numbing 25 million.

The discs seemingly were only password protected, they should in fact have been encrypted. This means that the data will be very easy to access, and it is reasonable to assume that the underworld is now looking for these discs.

Security experts have lambasted HMRC for its incompetence.

Tom de Jongh, product manager at SafeBoot, said:

"Basic policies were ignored. It appears that the fundamental policies upon which the National Audit Office and HMRC operate are flawed and it is no wonder that this breach has occurred.

The Chancellor freely admits that NAO and HMRC broke clear procedures, but that will not reassure the millions of families that are praying their financial details don’t get into the wrong hands
."

Brian Spector, general manager for content protection group at Workshare, said:

"It is staggering that an organisation responsible for the data of over 25 million child benefit claimants is still copying data onto CDs and not ensuring its full protection through encryption techniques.

It has never been acceptable for businesses or government departments to lose data, but in today’s information society, the flagrant disregard for the protection and security of this type of data is not acceptable.

The money invested in IT by the UK government must now be prioritised on security to ensure that the data of those the government serve – the public - is secure and protected
."

Jamie Cowper, director of European marketing at PGP Corporation, said:

"These discs should never have been transported in the first place – information of this type should only be transmitted using the strongest security protocols available such as encrypted batch transfer – but more to the point, these details should not have been stored in this medium.

Discs are easy to lose, but difficult to protect. This type of information should only be stored on formats where the data can be encrypted transparently, so that it remains protected wherever it resides, and whether at rest or in motion
."

An ex member of the HMRC spoke anonymously to the BBC:

"I wasn't surprised in the least when I heard the news. The problems with Child Benefit are only the tip of the iceberg.

Morale is non-existent. Mistakes happen continuously. Rooms full of unopened post are not uncommon.

Arbitrary individual hourly targets meant that people cut corners. It doesn't matter if you make mistakes because you won't be held accountable.

There is no trust between management and staff.

You are like a number. It is utterly demoralising.

I've spoken to some of my former colleagues about the Child Benefit blunder, and they are utterly apathetic. It's just one thing on top of another.

People hate it, but after 20 years or whatever they feel they can't get a job in the private sector.

Something like this was going to happen sooner or later
."

The above is not only a damning indictment of HMRC but also an indictment that applies equally well to all other bodies in the public sector, and exposes the consequences of ten years of Brown's rule at the Treasury.

The damage he will do to the country as Prime Minister, were he to remain in office for that long, is mind boggling.

1 comment:

  1. I bet you're looking forward to turning up at an interrogation center and giving the government what little extra information about you it doesn't already have, to be put on the national ID registry!

    Of course, that will be safeguarded, and nothing like this would ever happen, would it?

    ReplyDelete