MPs told of risk of more data security breaches

MPs have been warned further revelations of data security breaches are likely in the wake of the HM Revenue and Customs (HMRC) data blunder.

Information commissioner Richard Thomas said yesterday a string of private and public sector organisations have told him in recent weeks they have had problems with lost data.

He said: “I think they are coming to us on a confessional basis to bring our attention to problems they have with data security in their own organisations.”

Giving evidence to the Commons justice select committee, Mr Thomas predicted: “I think there is certainly more to come out in the wash.”

He said a senior civil servant was now trawling Whitehall for any further cases of data loss.

Mr Thomas said he did not, however, expect any data security breaches to be as serious as last month’s revelation HMRC had lost the personal details of 25 million child benefit claimants.

Nevertheless, he said the loss of two computer discs and subsequent resignation of HMRC chairman Paul Gray had been a “massive wake-up call” to organisations.

Chief executives and permanent secretaries are now asking if the proper data security procedures are in place, he told MPs.

Giving evidence to the Commons committee, Mr Thomas said questions needed to be asked over how a junior official had managed to send two computer discs through the post.

He said: “I would question whether anybody should be allowed to download an entire database of this scale without going through the most rigorous pre-authorisation checks.

“One would want to question why software was not in place to be prevent the entire database being downloaded.”

The loss of 25 million people’s personal details was seen as a major blow for the government’s plans for a national ID card and database scheme.

Mr Thomas agreed yesterday the government should review its plans for ID cards in the wake of the HMRC data loss.

He said ministers risked putting too much faith in the value of information sharing, adding “any massive collection of information like the identity card carries risk”.

But he went further than questioning the government’s competency to run the scheme and said ministers still seemed confused about the underlying purpose of ID cards.

Mr Thomas said: “We still have some uncertainties about what the primary purpose of the identity card is … Is it to improve policing, to fight terrorism, to improve public services, to avoid identity theft?

“I think there is a lot of thinking still to be done on its primary purpose.”