The
loss of data on two discs containing the personal details of
25-million people was the result of systemic failure according to a
review of the information security at HM Revenue and Customs.
The 100-page
report carried out by Kieran Poynter, chairman and senior
partner at PricewaterhouseCoopers, was presented to parliament
today.
It revealed that the data loss was avoidable and was the result
of failings within HMRC and said that the procedures regarding data
within the government department needs to change.
Chancellor Alistair Darling told parliament the culture needs to
change in line with changing technology and that it is absolutely
clear that people understand the importance of protecting the
information they handle.
He said the methods of handling data have changed with higher
volumes transferred at the push of a button, but that the
procedures have not changed at the same pace.
"There is a problem that people have not woken up to the fact
that processes used when everything was stored on paper are not
appropriate," said Darling.
According to the report the failings were caused by weakness in
specific information security policies which were too complicated
and difficult for staff to navigate, inadequate awareness,
communication and training on data security and a lack of clarity
around the governance and accountability for data protection.
Vince Cable, deputy leader of the Liberal Democrats, said
blaming the culture at HMRC for the data loss meant "everybody was
to blame but nobody was responsible".