HMRC staff who worked with sensitive data carried out duties with a ‘muddle through’ ethos, a report into the missing child benefit discs from the independent police complaints commission (IPCC) has found.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
HMRC staff were working on a day-to-day basis without adequate support, training or guidance about how to handle sensitive personal data, the IPCC has concluded.
The IPCC has referred the case to the Information Commissioner.
HMRC needs to develop a data security strategy and train staff to understand how to comply with the Data Protection Act, the IPCC concluded
HMRC should appoint a data controller to demonstrate a management commitment to information security throughout the organisation, it said.
"Many reforms have taken place [at HMRC] and are continuing as improvements are rolled out across the department. We hope that the momentum will be maintained," said IPCC Commissioner Gary Garland, who oversaw the investigation.
HMRC informed the Metropolitan Police of the loss of the CD on 15 November and referred the incident to the IPCC the following day.The Metropolitan Police began its investigation to find the missing CDs on 18 November.