HM Revenue and Customs embarrassing loss of two
discs containing the personal details of 25 million people was the
result of systemic failure an independent review of information
security at the department has concluded.
The 100 page report carried out by Kieran Poynter,
chairman and senior partner at PricewaterhouseCoopers was presented
to parliament today. The data loss was avoidable and was the result
of systemic failings within HMRC, it concluded.
The report highlighted weakness in information
security policies at the department which were too complicated and
difficult for staff to navigate,. It pointed to inadequate
security awareness, a lack of communication and training on data
security and a lack of clarity around the governance and
accountability for data protection.
Chancellor Alistair Darling told Parliament today
that the culture within HMRC needed to change in line with
changing technology. It is absolutely clear that people need
to understand the importance of protecting the information they
handle, he said.
Techniques for handling data have changed, making
it possible to transfer higher volumes at the push of a button
but government procedures have not changed at the same pace.
"There is a problem that people have not woken up
to the fact that processess used when everything was stored on
paper are not appropriate," said Darling.
Vince Cable, deputy leader of the Liberal
Democrats, said blaming the culture at HMRC for the data loss meant
"everybody was to blame but nobody was responsible."
More on Poynter report:
Summary of Poynter report and comment by Computer Weekly's Tony
Collins >>