Thursday, November 22, 2007

HMRC's Staggering Incompetence II

It seems that our Prime Minister and Chancellor are not only guilty of setting up and running an incompetent organisation, but are also guilty of trying to blame a junior for the worse breach in security ever when in fact it was senior civil servants who were responsible.

Any government with such a cavalier attitude to security and the truth most certainly should not be entrusted with running the country.

The full story from The Independent is reproduced below:

The head of the National Audit Office, Sir John Bourn, locked horns with Her Majesty's Revenue and Customs and the Chancellor last night when he said the decision to post two computer discs containing the bank details of 7 million families was taken by senior HMRC officials and not, as Alistair Darling claimed, by a junior employee.

A public row broke out between the HMRC and the NAO over who was to blame for the blunder after Sir John launched a scathing attack on the former, saying high-ranking civil servants at the HMRC ordered the data – which the NAO had not requested – to be sent to his department. His comments contradicted Mr Darling's explanation to MPs on Tuesday.

The entire child benefit database was sent via internal mail by a junior official from HMRC in Washington, Tyne and Wear, to the NAO in London via courier TNT on 18 October.

Mr Darling said the civil servant broke the rules by downloading the data to computer disc and sending it by unrecorded delivery.

Edward Leigh, the Tory chairman of the Commons public accounts committee, said the NAO had asked only for basic details about child benefit recipients, without information on personal bank accounts, but was told by "high level" at the HMRC that it would be "too burdensome" to separate this data. He said he had been given a copy of a briefing note written by Sir John for the Chancellor, which suggested that senior HMRC officials authorised the release of the sensitive information.

The note says that the NAO requested data on child benefit claimants in a "desensitised" form, with bank accounts and other personal data removed, in March but an email from a senior business manager at HMRC stated that the data would not be desensitised.

Mr Leigh said the reason given for turning down the NAO's request was that desensitising information would require an extra payment to the HMRC data services provider EDS.

The disclosures will add weight to Tory claims that systemic failures at HMRC led to the worst loss of data in British history and cast doubts on the assurances by both Mr Darling and the Prime Minister that government bodies can be trusted to keep records safe.

It also raises suspicions that an office junior at the HMRC is being made a scapegoat for failures by more senior managers. That worker, who remains unnamed, was in hiding last night as the police search for the missing discs continued and the HMRC confirmed he was facing the sack. The man, who is understood to work in the IT department of the Child Benefit Agency, has been put up in a hotel with a minder to protect his identity as the clamour for his name to be published intensifies.

A spokeswoman for HMRC said: "His future is part of the investigation that is taking place. When that is completed disciplinary proceedings will follow. One of the outcomes of those proceedings is dismissal."

Senior civil servants are concerned that there should be no repeat of the public scrutiny and humiliation faced by Dr David Kelly, the government scientist who took his own life after he was exposed as a BBC journalist's source in the row over the "dodgy dossier" produced in the run-up to the Iraq war.

Mr Leigh's committee is launching an investigation into the lax data handling systems at the HMRC. It will summon Paul Gray, the department's former chairman who quit over the scandal on Tuesday, to answer MPs' questions.

Scotland Yard said officers from its specialist economic crime unit were helping to co-ordinate the investigation on Tyneside.A spokesman said: "Our inquiries will continue for the rest of the week."

It emerged yesterday that an almost identical breach rules governing the transfer of sensitive data took place in March. The NAO received discs from the Child Benefit Agency containing its full set of data on three occasions – yet none of its officials queried the decision to send out the data in an unfiltered form.

No comments:

Post a Comment