HMRC lost CDs containing 25 million people

Poor procedures blamed for data protection breaches

Poor procedures blamed for data protection breaches

MPs have blamed the government’s neglect of data protection procedure for recent data security breaches.

According to the Commons select committee on human rights, breaches such as the loss of the personal details of 25 million child benefit claimants by HM Revenue and Customs (HMRC) are illustrative of a public sector failure to treat data protection with appropriate sensitivity.

And the committee’s report released today claims to have expressed concern about government protocol regarding data protection on 18 previous occasions, one of which involved HMRC.

According to Andrew Dismore, chair of the committee, the loss of the child benefit data was “far from a one-off”.

“In fact, it was symptomatic of lax standards in the public sector,” he claimed.

“Information should be treated as sensitively and carefully as hard cash. It should not be sent in the post unregistered and unencrypted.

“It has taken the massive data loss by HMRC to bring the true consequences of the piecemeal approach to data management to light. The government must demonstrate that it appreciates the seriousness of what needs to be done.”

Mr Dismore claims the root of the security breaches is a “cultural” problem in the public sector.

“There has been a rapid increase in the amount of data sharing in the public sector, which can be useful, important and necessary,” he added.

“But this has not been matched the even more necessary strong commitment to safeguard the right to respect for personal data.”

Responding to the report, a Ministry of Justice spokesperson insisted “the government takes data protection seriously”.

It said three reviews on the issue have been undertaken since October last year and that new powers of inspection for the information commissioner are being considered as a result.

“The reviews are due to report in spring. The outcomes will help the government to take a considered view of the range of measures necessary to strengthen the protection of personal data,” the statement finished.