Governments are hopeless at IT: UK data breach

21 November 2007

It does honestly surprise me that a) it took this long for something on this scale to happen b) it even came out at all…but the HM Revenue & Customs have managed to lose 2 CDs containing the personal details of 25 million UK residents.

After this I really don’t know how the UK Government can still consider the mass consolidation of citizen data into an “ID Card Database” a good idea. The fact is that if someone can just ‘get hold’ of all this data and burn it to CD, whatever their seniority level, then the system is broken – and if the data protection safeguards at the HM Revenue & Customs are broken then I think there are some areas that need to be fixed before bringing a whole heap of extra data from biometric passports and ID cards into the equation.

Governments rely far too much on outside contractors to deliver IT solutions, often massively over budget and normally not without some controversy over the implementation. Without building up the expertise in-house, how can we ever expect to foster the talent necessary to run eGovernment. I’m sure that outside help is necessary in some cases, but without this internal knowledge of IT and the way things work – how is anyone supposed to know that copying database records onto CDs to post insecurely is a bad thing to do.

I imagine that when the Chancellor said “password protected discs”, he meant that the Excel spreadsheet containing the data had a password set on them. To the average untrained person this is usually totally acceptable (believe me, I’ve worked my share of IT support) – and why not? Someone needs to ramp up the training of the people who have access to this data, and then make sure its only them who can ever access it – without someone senior being able to ‘pull rank’ on an outside contractor.

Sad as it is to see someone lose their job, its good that heads have rolled at HMRC. However the pace of Paul Grays departure probably indicates how serious this incident is viewed in government.


  1. Glyn Says:

    For more info on the HMRC Discgate see the Open Rights Groups summary and ideally write to your MP.

Sorry, comments are closed for this article.