HMRC data loss: NAO request evidence

Evidence has emerged as to why the National Audit Office (NAO) asked HM Revenue and Customs (HMRC) for a large download of information from the child benefit database.

Evidence has emerged as to why the National Audit Office (NAO) asked HM Revenue and Customs (HMRC) for a large download of information from the child benefit database.

After receiving the request, HMRC sent the NAO details of all child benefit recipients: records for 25 million individuals and 7.25 million families. These included the names of children and their parents, addresses, dates of birth, child benefit numbers, national insurance numbers, and even bank or building society account details.

The National Audit Office had suggested to HMRC that it remove the names of parents, their addresses and bank details but the department declined.

In the House of Commons on 20 November 2007 the Chancellor of Exchequer, Alistair Darling, asked why the National Audit Office had asked for so much information from the child benefit database.

Darling said: "It is not at all clear to me why seven million records would be necessary, or whether it would be possible for anyone actually to look at seven million records and properly audit them."

On 21 November 2007 Computer Weekly disclosed that the practice of transferring details of all child benefit claimants onto CDs became established in March this year after HMRC's auditors, the National Audit Office [NAO], ceased to accept sample records for its audit of the department's accounts.

Now it's becoming clear why the NAO wanted so much information from the child benefit database rather than merely a sample of data.

The NAO says that child benefit payments amount to £10bn. "By any objective measure, Child Benefit is material to [HM Revenue and Customs'] Resource Accounts and we have to carry out substantive audit work on this figure, if we are to obtain sufficient appropriate evidence to support the Comptroller and Auditor General's audit opinion."

In the past NAO staff, in seeking assurances about possible levels of fraud and error in child benefit payments, relied mainly on HM Revenue and Customs' own review of a sample of cases – about 1,500.

This was only a small sample. Before child benefit was run by HMRC it was administered by the Department of Work and Pensions (DWP) which used many more sample records – about 20,000 child benefit cases - to check for fraud and error.

The Tax Credits Act 2002 transferred the responsibility for the administration of child benefit from the DWP to HMRC.

Worried that HMRC tested too few child benefit cases to give any assurances for audit purposes, NAO staff decided to do their own comprehensive analysis of child benefit data - which is why they asked HMRC to provide the entire child benefit database, though they suggested the names of parents, addresses and bank account details were removed first. An NAO employee sent an email to the Benefits Office, which is part of HMRC, on 13 March: "I do not need address, bank or parent details in the download – are these removable to keep the file smaller?"

A Benefits Office employee declined politely to provide edited information from the child benefit database. The reply to the NAO, which was emailed about an hour later, said: "I must stress we must make use of [existing] data we hold and not overburden the business by asking them to run additional data scans/filters that may incur a cost to the department."

In deciding to do their own larger-scale checks the NAO staff were motivated by new, more exacting international standards on auditing.

An NAO executive has written to an HMRC director to apologise for not explaining clearly to HMRC's Finance Director the implications of the change in audit approach. The executive said to the HMRC director in a letter dated 9 November 2007: "We are obviously aware that there are a number of lessons to be learned from this incident [that of the two missing, unencrypted CDs which contained information on 25 million people on the child benefit database]. The NAO executive added: "Clearly we have to suspend the way in which we are currently accessing child benefit data; and I am happy to confirm that we have now done this. We will need to discuss with you how we can meet our obligations under the auditing standards whilst helping you to maintain the high standards of data security sufficient to satisfy the responsibilities we both have for data protection."

Read more on Privacy and data protection