Taxation logo taxation mission text

Since 1927 the leading authority on tax law, practice and administration

Poynter: CD loss was entirely avoidable

25 June 2008
Categories: News
'Institutional deficiencies' blamed for HMRC security breach

Last year's major security breach at HMRC was 'entirely avoidable' and highlights 'serious institutional deficiencies', a new report has concluded.

The document follows an investigation led by PricewaterhouseCoopers chairman Kieran Poynter into the loss of two CDs containing details of 25 million child benefit claimants.

(A six-page interim paper was published in December, but revealed little.)

The incident — for which no individual has been blamed - is judged to have arisen 'following a sequence of communications failures between junior HMRC officials, and between them and the National Audit Office', said Alistair Darling in a statement to the Commons.

'The fact that it could have happened points to serious institutional deficiencies at HMRC,' said the Chancellor.

'Firstly, information security simply was not the management priority it should have been.

'And secondly, management structures and governance were unnecessarily complex and did not establish clear lines of accountability.'

Moreover, the new report highlights 'a lack of clarity in communications and the failure to involve senior HMRC staff as being contributing factors', said Mr Darling.

Mr Poynter suggests that 'a great deal of work will be required to bring HMRC up to and to sustain the world class standard for information security to which it now properly aspires'.

His document goes on to make 45 recommendations to enhance, secure and modernise HMRC operations. These include the raising of staff morale, further development of the new organisational structure and improved security procedures.

A separate inquiry by the Independent Police Complaints Commission (IPCC) has also published its findings, showing that there was no evidence of misconduct or criminality by any member of staff at HMRC.

Acting HMRC chairman Dave Hartnett HMRC responded to the two new reports by saying his department was 'absolutely committed to delivering all of their recommendations and to ensuring data security remains an explicit priority in the future'.

Categories: News
back to top icon