Chancellor Alistair Darling told parliament yesterday, "In March of this year it appears that a junior official within HMRC provided the National Audit Office with a full copy of HMRC's data in relation to the payment of child benefit. In doing so it is clear that the strict rules governing HMRC standing procedures were not followed."
The NAO subsequently returned the data after auditing it. It then asked for the data again in October. "Again at a junior level and again contrary to all HMRC standing procedures, two password-protected discs containing a full copy of HMRC's entire data in relation to the payment of child benefit was sent to the NAO, by HMRC's post system operated by the courier TNT. The package was not recorded or registered. It appears the data has failed to reach the addressee in the NAO," Darling told parliament.
Three weeks later the NAO told HMRC that the discs had not arrived. "A further copy of this data was sent, this time by registered post, and which did arrive at the NAO. However, again HMRC should never have let this happen," Darling said.
These breaches come on top of earlier breaches when 15,000 names and details were lost in the post and an HMRC laptop and other material containning personal details relating to HMRC customers was lost. In an interview, Treasury minister Helena Kenndey said it was one of 41 HMRC laptops stolen in the past year.
Read more on IT risk management
The government has promised sweeping changes to the way data is secured across Whitehall in the wake of the missing discs review.
HM Revenue and Customs...