Friday 21 December 2007

Disconnected

Disconnected
The question posed:

Is HMRC fit for purpose?

Judging from the conclusion of "The Capability Review" the answer would appear to be "No!".

The Capability Review was undertaken by the cabinet secretary, and head of the Home Civil Service, Sir Gus O'Donnell. He reported that HMRC will meet its efficiency savings, but will miss seven of its ten service-level targets.

Middle managers are unclear about senior management's vision for the department's future. Only 17% of middle managers think senior management is effective at leadership.

Quote:

"The department needs to address a disconnect..about the ability of HMRC to set direction."

The report notes that a restructuring of HMRC's management lines and responsibilities is required.

A complicated 'matrix-management' structure at the department and extensive use of sub-committees has 'diffused accountability', leading to an increase in risk of errors being made further down the organisation.

Basically, no one knows that they are doing or meant to be doing.

It is hardly surprising that HMRC lose things!


www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

Thursday 20 December 2007

Sauce For The Goose

Sauce For The Goose
This being the season of goodwill to all, it is refereshing to see that the HMRC is being served a generous portion of sauce for both the goose and the gander.

Dave Partridge, the Chief Operating officer from the Revenue and Customs prosecutions office, has been fired following concerns that his wife had been employed by the department as a consultant.

Partridge had his contract terminated in August after an inquiry into the employment of his wife, Michaela.

Britain, being such and open democracy, is only now learning of the story as a result of questions being asked in parliament. Richard Bacon, a Conservative member of the House of Commons public accounts committee (PAC), said that Mrs Partridge or her company had been paid £97,907 since her husband was appointed in September 2005.

The RCPO is in charge of prosecuting tax fraud and other major criminal cases, including drug smuggling and money laundering.

Bacon has called for MPs to investigate the RCPO accounts, and to look into propriety at HM Revenue and Customs after new figures suggested that the department was responsible for almost half of the fraud committed across all government departments.

It seems that 190 cases of fraud were reported in HMRC in the last financial year. They were worth more than £1.75m, 45.4% of the value of all departmental fraud.

Kind of ironic isn't it?

www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

Wednesday 19 December 2007

Fuckwits

HMRC
As Oscar Wilde once wrote, almost:

"To lose one set of discs is careless, to lose seven is downright fuckwitted!"

It beggars belief, but the fuckwits in HMRC have announced that yet another set of data has in fact been lost.

This time the "professionals" in Her Majesty's Revenue & Customs have admitted losing the personal details of over 6,500 people claiming pensions.

The details were lost at an office of HMRC in Cardiff, after a data cartridge went missing in September. The cartridge had been sent to the Cardiff office by Countrywide Assured, a life assurance and pensions company.

Details on the cartridge included names, addresses, national insurance numbers and pension contributions, according to Graham Kettleborough, chief executive officer of Chesnara, the parent company of Countrywide Assured.

The cartridge was signed for when it reached the office, but was subsequently mislaid. However, the spokesperson insisted that, because the information on the data cartridge can only be accessed by a mainframe computer, the risk to the individuals involved is "very low".

Oh, so that's alright then!

These fuckwits have no idea what the hell they are doing.

Why have then not been fined and sent to trial for negligence?

HMRC said in a statement on Tuesday:

"We are taking this loss extremely seriously and have done everything possible to locate the data cartridge. We would like to apologise to all those affected."

As I have said before, a class action should be taken out against HMRC by all those who have had their personal security compromised by HMRC's negligence.

www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

Tuesday 18 December 2007

A Serving of Fudge

A Serving of Fudge
Alastair darling served MP's up a generous portion of fudge yesterday, when he outlined the results of the Poynter review into the HMRC "Datagate" fiasco.

Seemingly the review is not yet finished.

How convenient!

"Let us wait and establish the facts rather than jump to conclusions."

Was Darling's response to detailed probings from MPs.

In the meantime, Poynter has come up with a few urgent recommendations.

HMRC will need a new organisational structure, simpler one with accountability at executive level.

A fair point, the trouble is "simplicity" and Gordon Brown simply do not go together.

Here are some his other recommendations, the pharse "bleeding obvious" springs to mind:
  • A reminder to all staff from the Chairman of HMRC of the importance of data
    security with some specific guidance


  • The appointment of a senior official to the new post of Director of Data
    Security


  • The appointment of Data Guardians in each area of HMRC


  • The imposition of a complete ban on the transfer of bulk data onto removable
    media without adequate security protection such as encryption


  • The disabling of the download function on all personal and laptop computers
    in use across HMRC to prevent their use to download data onto removable
    media


  • The utilisation of secure couriers and appropriate tamper proof packaging in
    the transport of bulk data stored on removable media
The full verdict on the failure HMRC's data procedures is due "in the first half" of next year. A standard ploy by government, designed to ensure that by then everyone will have lost interest in the subject.

Here is the Poynter Review in full (all 6 pages of it).

A nice little earner for the consultants!

By the way, let us be perfectly clear, the report is complete shite and a waste of our money (anyone who uses the phrases "world class" and "HMRC" in the same sentence is clearly out of his depth).

www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

Monday 17 December 2007

Lost

Lost
Oh dear, the poor old HMRC does seem to be having trouble keeping track of things.

As if losing the data records of 25 million people was not bad enough, HMRC have now managed to lose a stash of coke and some fake passports.

Seized drugs, worth £80K, and other goods went missing from a "secure" HMRC store at Coventry Airport. Detectives are investigating if the items were stolen or have been lost.

Way to go lads!

www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

Friday 14 December 2007

Spin

Spin
The Chairman of PricewaterhouseCoopers, Kieran Poynter, will publish an interim report into the IT failures at the HMRC on Monday. It had been scheduled for today, unaccountably it is being delayed until the final week in the run up to Christmas.

I wonder why?

Coincidentally, or maybe not, Chancellor Alistair Darling is to announce measures on Monday that will in his view prevent a repeat performance of "Datagate". He will also call a halt to the police search for the missing discs.

The search was downgraded last week from 47 detectives to 32.

Needless to say, HMRC and the government continue to blame a junior member of staff for the loss.

How convenient!

This blame game continues to be played out, despite the fact that the CDs were sent unencrypted three times and the HMRC ignored a request to send only part of the information rather than the complete database.

A pretty lousy way to deflect blame, and to spin the story, but this is what we have come to expect from this government.

www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

Thursday 13 December 2007

The Dead Hand of The HMRC

The Dead Hand of The HMRCHMRC just can't seem to get anything right these days, aside from losing the personal data of 25 million people it is now trying to force through new tax rules that at best is regarded as "sloppy".

The new rules relate to the practice of "income shifting" that "husband and wife" firms use to reduce their tax bills.

The Treasury proposes to stop business owners paying less tax by shifting part of their income to a co-owner, spouse or family member who is subject to a lower tax rate.

This practice was used by Geoff and Diana Jones, owners of IT contractor company Arctic Systems, and subsequently endorsed by the House of Lords.

However, the government refuses to accept this ruling, saying Mr Jones had deliberately lowered his earnings so that Mrs Jones could get some of that income as dividends.

It now says that someone in a company or partnership who passes their income, as dividends or partnership profits, to a "connected" person just because that person pays a lower rate of tax is "unfair."

Well, life is unfair but what are you going to do about it?

The ICAEW is quite rightly unimpressed, and warns that:

"This will lead to yet more uncertainty for many entrepreneurs, who are likely to have to spend much more time looking over their shoulders to see if HMRC will attack their structure."

They go on to add:

"We are very disappointed that this is yet another instance where relatively brief legislation is being supplemented by lengthy HMRC guidance, which has no place in law."

One of Brown's old tricks, when he was chancellor, was to present a nice neat headline during his budget speech; which, when detailed by the Treasury and interpreted by HMRC, turned out to be a real can of worms.

As already noted on this site, the most effective way to cut the costs of HMRC and to save taxpayers' money is to simplify the tax system.

This will not happen as long as Brown is in government.

www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

Wednesday 12 December 2007

The Accident Waiting To Happen

The Accident Waiting To Happen
It should come as no surprise whatsoever to learn that the government was warned, nearly 4 years ago, that the "Datagate" fiasco at HMRC was an accident waiting to happen.

Auditors warned the government in March 2004 about a series of potential dangers in the way that HMRC staff used a database containing 25 million child benefit records.

Specifically the auditors warned that the system was open to fraud.

Did the government or HMRC do anything to address the issues raised by the auditors?

Did they fuck!

HMRC and the government, because of their negligence and incompetence, have jeopardised the personal security of 25 million people for the next 20 years.

The 25 million people affected should sue the government and HMRC, via a class action, for negligence and incompetence.

Despite "Datagate", it seems that the governement still hasn't learnt its lessons from this fiasco:
  • Two computer discs with details of more than 7,000 Northern Ireland motorists have been lost in the post after being sent to the DVLA in Swansea


  • Confidential personal details of dozens of prisoners, including their criminal records, have been delivered to a private company instead of going to Norfolk Police


  • Personal details of 1,800 Merseyside health-authority staff, including their salaries and pension details, have been accidentally sent out to a number of private firms
The government, and its organs of state, cannot be trusted with the private details of its citizens.

The only way to make this government take security of personal data seriously is to make a class action against it, using the HMRC case.
www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

Tuesday 11 December 2007

Brown Rewrites History

Brown Rewrites History
Gordon Brown, architect of HMRC, apparently is not averse to employing the "Orwellian" strategy (as espoused in "1984") of re writing history to suit his own ends.

The difference between the Brown's method, and that detailed in "1984" is that Orwell assumed that a reasonable period of time would elapse between an event happening and the state adjusting history. Brown wades in within minutes of an event and rewrites it, especially if that event concerns his beloved HMRC.

When HRMC's acting head David Hartnett revealed last week that there had already been seven significant data losses at HMRC, he was asked directly if it indicated systemic failure at HMRC.

Hartnett said:

"I think ... it may well do."

That is a matter of public record.

However, Gordon Brown was asked about it a few hours later and flatly denied that Hartnett had ever made the comment.

Quote:

"I don't accept that that is what the chairman (Hartnett)...said..."

Rumour has it that Brown will soon be saying that the HMRC did not lose the personal data of 25 million people.

With people like this running the country we are well and truly fucked!

www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

Monday 10 December 2007

Wanted Dead or Alive

Dog The Bounty Hunter
Following on from the "Datagate" fiasco, the ever "on the ball" and "alert" directors of HMRC have "sprung" into action and offered a reward for the return of the missing discs that contain the personal details of 25 million people.

Now the data on the discs, were it to fall into the wrong hands, is estimated to be worth around £1.5BN on the black market. Therefore only a substantial reward is likely to encourage the more nefarious elements of society to hand these discs over.

How much then are HMRC offering as a reward?

-£1M?

Lower!

-£500K?

Lower!

-£100K?

Lower!

-£50K?

Lower!

Give up?

HMRC value the data at a mere £20K maximum. That means that they believe that the data, and by definition the security of the individual tapxayer, is worth no more than 0.008 pence per head.

That is how little they value their "customers", no wonder they treat security with such a cavalier attitude!

The search by the police has proved fruitless, and they have issued an appeal to all HMRC, the National Audit Office and the Treasury to check at work and "other locations" for the discs.

I wonder if HMRC know where all these "other locations" really are?

A pathetic response to a fiasco that should never have happened in the first place.

Send for Dog The Bounty Hunter!

www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

Friday 7 December 2007

Saying Sorry

Saying Sorry
You know how that saying sorry can be a very painful and troubling process for some people?

Well, that's not the case for the good old boys from the HMRC.

As soon as it was reported that they lost the data records for 25 million people, and put those people's personal security at risk for the next 20 years, HMRC were on the case immediately with an apology letter.

Over 7 million were sent.

Great!

Apart from the fact that their apology letter was a breach of security, and some of those letters have got lost.

However, let us not dwell on uncomfortable realities such as those.

The important point was that a letter was sent, and everybody knows that HMRC is really sorry.

Oh, one small point...

How much did it cost to send over 7 million letters?

From the perspective of HMRC, absolutely nothing at all.

How is that?

Well, HMRC of course use our money (taxes to be precise) to pay for their costs; it's a win win situation, if you are HMRC.

The cost to the tax payers of them paying for this letter?

Oh, a mere £3M.

Money well spent!

The funny thing is that HMRC have been very reluctant to tell the taxpayers how much they were charged for sending a letter of apology.

Why would that be then?

Are HMRC ashamed of themselves?

Or is it that they don't believe that the taxpayer has the right to know what HMRC is doing with taxpayers' money?

By the way, one other small point, at a "hotseat" briefing just after Chancellor Darling admitted to the loss of data, acting chairman David Hartnett answered questions from staff through the HMRC intranet.

He was asked how much the costs of the apology letters were going to be.

He answered £2M.

Yet the reality is £3M.

How embarrassing for him, a member of HMRC who can't do their sums.

However, as I said at the outset, the cost to HMRC of saying sorry is nothing; they don't give a stuff, so why should they be bothered to get their sums right?

www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

Thursday 6 December 2007

Systemic Failure

Systemic FailureQuell surprise!

David Hartnett, the director general of the HMRC, has admitted that there have been other HMRC blunders that have led to data loss.

You know I wonder why people don't just take a class action against these idiots for negligence and incompetence, as their actions have placed the personal security of millions at risk over the next 20 years.

Hartnett has admitted there have been seven other significant data losses in recent years.

He told the Treasury select committee that there had already been seven instances of data loss, classified internally as "of some significance", since the Inland Revenue and Customs & Excise merged in 2005.

Why are we only hearing about these losses now?

Rather embarrassingly for Chancellor Alistair Darling, these revelations contradict his claims that the recent loss of data was an isolated incident.

Hartnett agreed with committee chairman Michael Fallon when he asked:

"If you have had seven serious security breaches in the two-and-a-half years since you were set up doesn't that indicate systemic failure?"

Among the cases of lost data, admitted to by Hartnett, was the case in Nottingham where "confidential waste" literally fell off the back of a lorry.

In another incident a lap top with the information of 15,000 Standard Life customers on was lost by the HMRC.

In May a number of letters with tax credit information on were sent to wrong addresses.

These are just the cases that HMRC are reluctantly prepared to admit to.

What else is going on that they haven't yet admitted to?

Clearly the HMRC is not fit for purpose.

Paul GrayI would also ask this, if HMRC is not fit for purpose and the head of HMRC has publicly admitted that there has been systemic failure, why is it that Gray (the ex head) is still being paid £200K for doing sweet FA?

A class action is what is need here. Lawyers such as these in the US would be ideal for such an action Milberg Weiss.

www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

Wednesday 5 December 2007

A Question of Security

A Question of SecurityThere has been much "hoo hah" in the media and parliament recently about the HMRC data loss debacle.

That is hardly surprising given that the personal security of 25 million people has been put in jeopardy for the next 20 years or so.

However, when such large numbers are involved, it is sometimes easy to forget that these security lapses affect real people with real families and real lives. It is also worth remembering that this is not the first time (or, I suspect, the last) that HMRC has placed the security of individuals at risk because of its cavalier attitude to its "customers" and their personal data.

Here is one example of lax security, sent to me by Graham:

"Mr Peter Edmondson

Complaints Manager
HM Revenue and Customs
Debt Management and Banking
Complaints and Redress
Victoria Street
Shipley
West Yorkshire
BD98 8AA

C.C. Richard Summersgill,
Director,
Tax Credit Office,
Preston,
PR1 0SB.

28 November 2007.

Reference 1 : xxxxxxxxxx
Reference 2 : SAR ref: xxxxx

Dear Sir or Madam,

I am writing to complain about a most serious occurrence. This becomes even more serious when one takes into account the current publicity about the data protection fiasco that exists not only within HMRC, but throughout Government departments as a whole.

Yesterday I received some of the data requested in my Subject Access Request of 21 October 2007, in the form of a two-inch stack of A4 sized paperwork. Sometime after sealing, the package had been opened and then deposited inside a clear polythene bag, secured with a plastic tie-wrap, by Royal Mail.

The bag contained no communication from Royal Mail that the package had been damaged in transit. The opening on the “jiffy-bag” seems to have been made with a knife or other sharp implement of some description – I believe that it is too neat to have been an accidental opening.

The package was sent by second class, untraceable, mail and the postmark was not dated. The accompanying letter had a date of 20 November 2007, and I received the package on 27 November 2007. There therefore exists the possibility that the extensive data contained within the package could have been open to scrutiny, by the unscrupulous, for several days.

Also, because I had not received an acknowledgement from HMRC to my SAR request, I did not know whether to expect this information or not – and was, in fact, about to write another complaint letter on that very subject; it seems I have been pre-empted. To make the package even more attractive to interception, the return address that was printed on the address label informed the reader that this was from the SAR department – an open invitation for prospective data thieves.

The data printouts contained in the package included:

My address, my previous addresses, my NI number, my telephone numbers, details of my employer and MY BANK DETAILS.

My current partners’ address, NI number, telephone numbers, details of employer and her BANK DETAILS.

My former wifes’ NI number, details of employer and BANK DETAILS.

It is known, although not yet widely, that both internal and external fraud are major problems at the Tax Credit Office. The details, outlined above, are sufficient to pass your current security checks when talking to HMRC Tax Credit Officials or contracted Operatives on the telephone.

HMRC, unfortunately, are in the position of being Trustees of my personal and vulnerable data. I was in the Royal Navy Submarine Service for twenty years, working on Diesel, Fleet Nuclear, Polaris and Trident submarines and know quite a lot about security, security policies and data security. I, therefore, never leave things to chance:

With immediate effect, please issue me with a new NI number.

I will be contacting my bank to ask if it is possible to issue me with a new account number. I have held this account for 33 years! I demand that any costs incurred in changing my bank account number be reimbursed by the relevant Department within HMRC.

I am not in contact with my former wife. HMRC are to inform her of this probable breach of her personal details, and the possible dangers.

My current partner will be contacting you independently.

I have contacted the Police, and they have advised me to contact Royal Mail Investigations. I shall. This, however, will only deal with the probability that my package was intercepted within the postal system. The onus of the content and the method by which it was sent will fall on HMRC.

It is also worth highlighting that this complaint has implications for every communication that HMRC send, from the simplest letter, to award notices and beyond. As the bare minimum, everything should be sent by some traceable means.

Please note that I am forwarding a copy of this letter to my MP, other influential Politicians and The Information Commissioner, as well as several newspapers. I am also the WebMaster for Tax Credit Casualties and will be publicising it to their ever-growing membership.

I will, however, remove my vulnerable details before doing so!!

Yours Sincerely
..."

I wonder how many more of these cock ups are out there, yet to be discovered?

http://www.blogger.com/www.hmrcisshite.com is brought to you by http://www.kenfrost.com/ "The Living Brand"

Tuesday 4 December 2007

The Comeback Kid

The Comeback Kid
Question:

-When is a resignation not really a resignation?

Answer:

-When you are a senior member of the HMRC.

As proven by the very curious case of the recently "resigned" ex head of HM Revenue and Customs, Paul Gray. Gray "fell on his sword" (temporarily it would seem) over the fiasco of the loss of data belonging to 25 million people.

At the time, when Gray "resigned", one could have had a degree of respect for the man for actually taking such prompt and swift action to demonstrate that he took responsibility for this mother of all fuck ups.

Unfortunately any feelings of respect for him have been somewhat short lived, as he has now made a stunning comeback (after only 13 days) on a salary of £200K per annum.

Not bad for someone who put the security of 25 million people at risk for the next 20years.

Gray has taken up a position under Sir Gus O'Donnell, the Cabinet Secretary.

Here's a few more questions:

-What is his new role?

-Something important?

-Something worth £200K per annum?

Well, not exactly.

He is now involved with "special projects to develop civil service skills".

The Civil Service bullshit their way through this "jobs for the boys" appointment as follows:

"..for contractual reasons, he remains a senior civil servant. He will be leaving the civil service at the end of this year.

In the meantime, he has agreed to a request from Cabinet Secretary Sir Gus O'Donnell to undertake a short piece of work on cross-government matters until Christmas.

When he resigned with immediate effect, Paul Gray's period of notice meant that he would be paid until the end of the year.

As a result, he could receive payment for no work, or receive payment for doing some work.

It was thought to be better in the public interest that he did some work. There is no additional cost to the public purse. He will leave the payroll on 31 December
."

Now that bullshit above might be plausible to those people, such as those in the civil service, who have no experience of the real world. However, those of us who have experience of the real world can use a simple but effective accounting term to describe the above reasoning.

It is bollocks!

It would be very easy to argue, were it to be taken to court, that Gray resigned because of gross incompetence and negligence. After all, if the loss of data belonging to 25 million people isn't incompetent then what is?

Were he not to have resigned he would have been sacked.

Those lower down the pecking order in the HMRC would most certainly not have been treated so well.

Based on the above, he most certainly is not deserving of remaining under contract.

In the private sector, when senior staff are sacked (for restructuring reasons, rather than incompetence) they often re-emerge as "consultants" on a higher level of pay. The nature of the reported figures means that the headcount of full time staff will appear to have fallen, even though the reality is different.

The government, Gordon Brown and Gray's chums haven't got that nice fig leaf to hide his reappointment.

One must therefore ask, what does he know that the government and his ex boss Gordon Brown are so afraid of that they are willing to taken the flack for this most absurd public appointment?

There are some very large skeletons in the HMRC cupboard just waiting to come out.

Mark my words!

www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

Monday 3 December 2007

Heads in The Sand

HMRC Heads in The Sand
Much like ostriches with their heads in the sand, the people "in charge" of HMRC are refusing to learn the lessons of the recent shambolic loss of data and are still using the post to transfer people's personal details.

The Telegraph reports that details of 9 million people's investments (worth £60BN) are being sent insecurely through the post, because HMRC requires these discs to be unencrypted.

HMRC requires fund managers to submit details every year of all investors' names, addresses, dates of birth, National Insurance numbers and the amount each individual has invested in Isas and Peps.

So far so good.

However, HMRC stipulates that this data must be delivered in an unencrypted extended binary coded decimal interchange code (EBCDIC), or American standard code for information interchange (ASCII) text format.

Why does HMRC make such a stipulation?

Richard Saunders, chief executive of the Investment Management Association (IMA), believes that he has the answer:

"I assume this is because HMRC does not have systems to cope with this information in encrypted form and it may cost more for it to have systems that cope with secure data."

Mr Saunders has written to David Hartnett, chairman of HMRC, asking for this practice to be stopped. He awaits a response.

A spokesman for HMRC said:

"Sorry, we are not commenting as this falls under the terms of reference of the Poynter review."

So that's alright then!

They just don't get this security issue do they?

www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

Saturday 1 December 2007

Fair Comment

My thanks to "Anonymous" for this comment:

"I think "hapless staff" is a bit harsh. We're discouraged from individual thought and pushed towards being 'standard', and being positive towards things that we may hate (like how we're having to conduct our business now) otherwise we fail our end-of-year reviews and don't get our less than inflationary pay rise... great conditions, I wonder how things go wrong?

And it's no fun having to try explain to someone (I'm not calling you guys "customers", you have no choice but to deal with us!!) that "Yes, we've bollocksed up again...", and suffer the abuse that sometimes follows, when really we all wanna do is a good job but certain factors prevent this.

We're not after sympathy or anything, but would be nice if people lay off us staff and direct their disgust towards the top of the tree, we're not happy about how things are, losing data, etc, makes us look bad and we're as human as you all are really...

...and we have to pay those damn taxes too!!"


To a very large extent the shambles that is HMRC is down to Gordon Brown's truly awful bodged up job of bolting together Customs and Revenue, and a remarkably inept senior management egged on by the clueless and greedy Treasury.
www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

Friday 30 November 2007

What a Shambles!

Poor old HMRC, they really can't quite get the hang of addressing an envelope properly.

I guess what with the strain of losing data discs on a regular basis, they can't quite focus their minds on more mundane activities such as envelope addressing.

The Oxford mail reports that the good old boys in HMRC sent Ron Leaver and Tracey Giles a number of letters over a period of months.

So far so good.

Unfortunately, the letters contained child benefit and national insurance numbers meant for other people.

Mr Leaver, from Merton near Bicester, received over a dozen letters that were in fact meant to go to Buckinghamshire County Council.

The letters contained a veritable smorgasbord of names and NI numbers of former council employees, one even contained a cheque for £2,000.

HMRC had managed to delude themselves that the local authority, whose headquarters are in Aylesbury, was in fact based 18 miles away at a private house in a small Oxfordshire village.

Mr Leaver needless to say did point out the mistake to the ever alert HMRC, yet HMRC continued to send him the letters.

He is quoted in the Oxford Mail:

"I'm disgusted with the situation. No one has been able to tell me why they did this.

If it's happening to me is it happening to other people?

It's an absolute shambles
."

Needless to say if it happens to one person, as sure as eggs are eggs, it will happen to another. Tracey Giles, from Hempton, found this out for herself. She was sent a letter meant for a Tracey Mason.

The letter was an apology for losing the data discs, and of course contained the NI and child benefit numbers of the intended recipient.

Ms Giles is now worried, not unreasonably, that someone else has her details thanks to the mind numbing incompetence of HMRC.

An HMRC spokesman said:

"We apologise for any inconvenience caused. We are currently writing to over seven million child benefit claimants. Letters are still being sent, so people shouldn't worry if they haven't yet received an apology."

Here is a free piece of advice to HMRC, the sending of the apology letters (as pointed out earlier on this site) is a major security blunder. Given that all of the letters have not yet been sent, HMRC should stop sending any more now.

Now that they have been publicly told that the apology letters represent a major security risk, not to stop sending them is criminally negligent.

www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

Thursday 29 November 2007

Fuckwits

Congratulations to the HMRC for proving that despite things being farking awful last week, it is more than capable of making things worse.

In a rush to cover backsides, and to look contrite, HMRC sent millions of apology letters to those who had their personal details placed at risk as a result of the HMRC disc blunder.

Unfortunately this act of contrition exposed the hapless victims of HMRC incompetence to even greater risk of fraud and id theft:
  • The postal system is notoriously open to abuse and theft (over a million letters are lost everyday)


  • The apology letters contained the details on the missing discs. Thereby giving the criminals another bite of the apple


  • The letters which contain names, National Insurance and child benefit numbers are being delivered to the last known addresses of the recipients.

    It doesn't take a genius to realise that some of the millions of people sent these letters may have moved (1 in 10 people move each year). Therefore many of the letters containing these private details are being delivered to the wrong people.

    Oh, but that's alright, HMRC are blaming the taxpayers who have moved for not keeping HMRC up to date with their moves
Hardly a stellar performance from the HMRC.

Have the people in HMRC never been trained in the basics of security, fraud and id theft prevention?

Needless to say this latest screw up has brought more problems down on the heads of those claiming to run the HMRC. The Information Commissioner will now investigate this latest security lapse.

The Information Commissioner is now pursuing three inquiries into breaches of confidentiality by HMRC.

It would seem that the people running HMRC, and indeed the government itself, has little clue about the concept of security and id theft; this is the same government that wants to impose a national id card scheme on an unwilling population.

Those who don't receive a letter of apology are being asked to ring an HMRC helpline.

Congratulations to the HMRC for making matters worse and exposing 25 million people to the threat of fraud and id theft twice in two weeks, a double whammy.

Fuckwits!

www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

Wednesday 28 November 2007

Disgruntled Lemmings

Not surprisingly, given the recent "kerfuffle" at the HMRC, morale amongst the hapless staff of this much maligned organisation is at an all time low.

Seemingly the employees have requested punchbags, squeeze balls and aromatherapy in order to relieve the stress that they feel.

What about the tax payers who have to deal with HMRC?

These demands had been posted on an HMRC staff discussion website (www.disgruntled-lemmings.com) which has been taken offline.

HMRC have stated that the website is not one of theirs.

Here is what the site looked like in July 2007 Disgruntled Lemmings.

Those of you who are keen to search a bit more on Google etc for caches may be pleased to know that HMRC staff are normal human beings, just like ourselves.

I was heartened to read the profile of one tax credits adviser in Newcastle, who lists among her interests "drugs".

Another member of HMRC lists his interests as "fucking up binis" (I believe that they emanate from Africa).

How very "reassuring" that HMRC staff have such eclectic hobbies, and are so cavalier with their personal information.

Fortunately they would never be so indiscreet with the personal information of their customers....oh, hang on a minute...

Tuesday 27 November 2007

The Vengeful HMRC

Members of the House of Lords vent their spleens against HMRC in The Times:

Sir,

Comment on the fiasco of the missing discs has concentrated on the sheer incompetence of those involved. Little attention has been paid to the doubtful legality of what Her Majesty’s Revenue and Customs sought to do.

The discs contained highly confidential information on 25 million people. HMRC had no right whatever to supply such information to a third party except in response to a request from a body with a statutory power to demand it. It may be assumed that the National Audit Office has such a power; but it did not ask for the banking and other details that HMRC included in the information it tried (unsuccessfully) to supply.

It would be interesting to know what possible justification the department had for attempting to supply confidential information for which it was not asked. The cost of excluding such information cannot possibly be a sufficient excuse.

Lord Millett
House of Lords

Sir,

I agree with Libby Purves (“They hate you. And in the end R&C will get you”, Nov 23). In common with quite a number of people, the compilation of my tax return is a complex exercise and I have to employ a professional adviser. Six years ago it sent me a refund cheque for £138,512.48 which, although a very pleasant surprise, was totally wrong. I subsequently learnt that to send a refund cheque of such magnitude required the approval of several people.

I wrote to the Chairman of Inland Revenue returning the cheque, and in my letter made a comment which proved to be extremely accurate. I said: “What concerns me in this issue is that if I, or indeed, any other taxpayer, had made a fraction of the errors which the Revenue has made, then I would be rapidly pursued and taken to task in no uncertain way for such an error.” David Hartnett, who has now taken over as acting chairman of HMRC, said: “I am very sorry that we have compounded our earlier errors by incorrectly sending you such a very large cheque.”

I made an error myself in a recent tax return. My “case owner” pointed out the omission to my adviser, so the likelihood of it not coming to HMRC’s attention was nil. I immediately apologised, paid the outstanding tax by return and acknowledged that I would be liable to an interest charge. I thought this would be an end to the matter, but I received a letter which inferred that my case owner thought that what I had said might be a pretty tall story, but if I confessed and agreed to pay a penalty as well as the outstanding tax and interest, the taxman might let me off lightly.

HMRC can make mistakes, no matter how large or crass. But we, the despised “customers” (do they still use that term?), are, in the words of Libby Purves, all “on the fiddle”.

I spent six years as a Permanent Secretary, and developed an enormous respect for the Civil Service, but for some reason the Inland Revenue, now HMRC, does not believe that it is the servant of the taxpayer, but rather its master. Perhaps, just perhaps, this most recent blunder will make it realise that the customer, too, should be permitted to make the occasional mistake. (HMRC has now accepted my explanation.)

Lord Levene of Portsoken
House of Lords

Monday 26 November 2007

Systematic Failure

The data protection minister, Michael Wills, today said it was "too soon" to judge whether HM Revenue & Customs had been guilty of "systemic failure" in losing the personal information of 25 million people.

His comments came as police continued to search for the two CDs, containing child benefit data relating to 7.25 million families, which have been missing since a HMRC junior manager posted the discs to the National Audit Office on October 18.

Appearing before the joint committee on human rights, Wills said there were a "number of reasons" why he was not told about the loss of data before Alistair Darling's Commons statement.

Asked by the committee chair, the Labour MP Andrew Dismore, if he agreed with the Tories' accusation that HMRC was guilty of "systemic failure", he said:

"It's far too soon for me to be able to judge that. It's certainly wrong, deeply regrettable and the prime minister has already apologised for it."

Committee members expressed incredulity that Wills, as data protection minister, was not told about the problem before it was revealed in Parliament.

Source The Guardian

Money Saving Caused Data Loss

E-mails released by the National Audit Office have confirmed that officials at HM Revenue and Customs, did not want to remove sensitive information from child benefit data sent to the auditors because doing so would cost extra.

The revelation comes as the fallout from HMRC's loss of 25 million people's records continues to rock the British government.

Chancellor Alistair Darling blamed the loss -- Britain's biggest data breach ever -- on a junior official at HMRC who had sent unencrypted disks with information on child benefit claimants to the NAO.

But the e-mails, published by the NAO alongside its briefing for the chancellor, appear to bear out key accusations made by the Conservative Party that cost was an issue and that a senior official at HMRC was aware that unfiltered data was likely to be sent.

Source Computer World

Saturday 24 November 2007

More Discs Lost

HM Revenue and Customs has confirmed that a further six data discs have gone missing in transit between its offices in Preston and London.

The discs, which were reported missing on 30 October, contained recorded conversations between a member of staff and a customer making a complaint.

Police are still searching for two computer discs containing the details of 25m Child Benefit claimants.

The HMRC says evidence suggests these two discs are still on its premises.

The second lost package, containing six discs, went missing after being sent from a tax credit office in Preston to HMRC's Whitehall headquarters in London.

They were despatched through the same internal mail system used by those who sent the two missing Child Benefit discs, which have not been seen since being posted at HMRC in Washington, Tyne and Wear, on 18 October.

Source BBC

Is the HMRC fit for purpose?

Friday 23 November 2007

Data Laws May Have Been Breached

Unencrypted discs with 25 million Child Benefit records on them were handed to an accountancy firm by government auditors, it has emerged.

The National Audit Office (NAO) gave the CDs - similar to the ones lost by HM Revenue and Customs (HMRC) officials - to accountants KPMG for auditing.

It said the discs - with bank account details on them - were delivered "by hand" to KPMG and returned safely.

The Information Commissioner is probing whether data laws were broken.

A spokesman said the commissioner would be looking at "all aspects" of data protection surrounding the missing Child Benefit records as part of its investigation.

Source BBC

The HMRC has been remarkably cavalier with people's data. Do they have any concept of the risks posed by distributing private data to all and sundry?

Darling Denies Cover Up

Chancellor Alistair Darling is standing by his version of events of how discs containing the personal details of 25 million people went missing.

The Treasury said there was nothing in e-mails released on Thursday to contradict the chancellor's account.

The e-mails suggest a senior manager was involved - something not mentioned in Mr Darling's statement to MPs.

BBC Political Editor Nick Robinson said:

"I am told that when he spoke to the Commons the chancellor had not seen the e-mails and had not been told of the potential involvement of a senior official."

He added:

"The suggestion that a single 23-year-old on low pay at the Child Benefit Centre in Washington is solely responsible for this saga may suit certain people - including the managements of the NAO and HMRC who have clearly clashed in their accounts of this affair - but it beggars belief."

Source BBC

Breathtaking Loss

Ovum principal analyst Graham Titterington encapsulated the scale of the event by saying:

"This announcement is breathtaking because of the scale of the loss but not because it is a unique event. Indeed, it is the third major data leakage from Her Majesty's Revenue & Customs [HMRC] in just three months."

Titterington continued:

"If the data has fallen into the hands of identity thieves, which is unlikely, the entire national identity ecosystem is undermined for two generations. The UK government and the nation is reduced to hoping that these two CDs are languishing in a rubbish bin somewhere."

Source ZDNet

Thursday 22 November 2007

HMRC Chairman Quits

The taxman’s policy chief Dave Hartnett has been appointed acting chairman of the department.

The appointment of Hartnett follows the sensational departure of Paul Gray over the loss of the personal data of 25 million people.

Chairman Paul Gray tendered his resignation on Tuesday immediately as the news was announced, bringing to an end his brief run at the department and disappointing advisers who had warmed to his style of management.

Source Accountancy Age

The real responsibility for this fiasco lies with Brown who set up the unmanageable HMRC in the first place.

Wednesday 21 November 2007

Government Under Fire for HMRC Data Fiasco

Ministers are facing demands for answers after 25 million people's personal details were lost in Britain's worst ever data protection breach.

The "catastrophic" blunder by HM Revenue and Customs (HMRC) means nearly half the UK's population - including leading politicians and businessmen - are at risk of identity fraud.

Chancellor Alistair Darling revealed the staggering scale of the debacle in an emergency statement to MPs, as Paul Gray, the head of HMRC, fell on his sword.

Two compact discs containing names, addresses, dates of birth, child benefit numbers, national insurance numbers and bank or building society account details of some 25 million individuals and 7.25 million families have gone missing.

The Commons emitted a collective gasp as Mr Darling explained how a junior official sent the entire child benefit database from the HMRC HQ in Newcastle to the National Audit Office in London on October 18.

In flagrant breach of the agency's procedure, the package was not even posted recorded delivery through contracted courier TNT, and never arrived at its destination.

However, senior management at HMRC were not informed of the problem until November 8, with Mr Darling and Prime Minister Gordon Brown finally brought into the loop two days later.

The officials involved apparently waited to raise the alarm because they hoped the password-protected discs would "turn up".

The Metropolitan Police is now leading the hunt for the package, while Mr Darling has ordered a probe into security procedures at HMRC and the Independent Police Complaints Commission is also investigating.

The Chancellor stressed there was no evidence that the information had fallen into criminal hands and said the public would be protected against any fraud by the Banking Code.

Source The Guardian

HMRC Failure Beggars Belief

Fred Piper, professor, director, of information security group at Royal Holloway University of London, said it "beggars belief" as to how this data loss could have occurred.

"It shouldn't happen. It beggars belief as to who authorised this, and whether they had authority to send the data or just did it," he said.

"It's a straightforward, irresponsible cock up. If you must transfer data, there should be a clear reporting structure to the value of data. If it is valuable data, then only senior staff should authorise it and that data needs adequate protection."

Source CIO

Gordon Brown set this organisation up, the responsiblity lies with him.

Fraud Threat To Last For Years

The treat of fraud arising from the HMRC lost data fiasco will last for years, and could have a catastrophic effect on the economy and on people's lives.

Children whose personal data has gone missing could be at risk of identity fraud for many years, credit reference agency Experian has warned.

The company said fraudsters could wait until children turn 18 before trying to apply for credit in their name.

Compliance director Helen Lord said this could have a "catastrophic effect" on their ability to buy or rent a home or obtain a loan or credit card.

Source BBC

Life of Misery Inside HMRC

Former employees of under-fire HM Revenue and Customs service have contacted the BBC News website to describe life inside its offices.

The news that the details of 25 million recipients of Child Benefit payments have gone missing has shone a spotlight on HMRC.

The agency collects and administers direct and indirect taxes; and pays and administers Child Benefit, Child Trust Fund and Tax Credits. It is also responsible for environmental taxes, enforcing the National Minimum Wage and recovery of student loans.

Formed in 2005 following a merger between HM Customs and Excise and the Inland Revenue, it has proved controversial since its inception.

But now it faces intense criticism after junior officials were blamed for sending computer discs with personal details of all UK families through the post - only for the discs to disappear.

Speaking anonymously - as they have signed the Official Secrets Act - two workers who recently left HMRC - have told the BBC News website that they were not surprised to hear of the blunder.

Worker A, who left after more than 10 years' service, said: "I wasn't surprised in the least when I heard the news.

The problems with Child Benefit are only the tip of the iceberg.

"Morale is non-existent. Mistakes happen continuously. Rooms full of unopened post are not uncommon.
"

Following the 2005 merger, the agency is now governed by a board made up of a chair, eight other executive directors and five non-executive directors.

Critics and unions complained that combining two distinct organisations, with very different cultures and legal powers, was always going to be a difficult task.

The government has targeted job cuts of 12,500 from the 100,000-strong workforce.

"When the merger was introduced, job duplication meant that many experienced people were made redundant," worker A said.

"So we lost many of our best people.

"Others were moved from pillar to post, and the experience hit morale even harder.

"The lowest paid were all laid off, and all of their workloads were added to everyone else's
."

He complained that after a system called "lean processing" was introduced, jobs were divided up into their individual parts - every aspect was dealt with separately, and no-one has overall ownership or responsibility for the task, he said.

"Arbitrary, individual hourly targets meant that people cut corners," he added. "It doesn't matter if you make mistakes because you won't be held accountable."

Worker B, who was in a middle management post before he left in 2006, also claimed the merger of HM Customs and Excise and the Inland Revenue negatively affected the way the departments worked.

"There was the move to using call centres, which meant that people didn't take personal responsibility any more," he said.

There were all sorts of closures of offices going on and all those sorts of things had a domino effect.

There were additional targets - stretching targets - with reductions in staff, especially experienced staff, which really didn't help the cause
."

He said he would lay the blame for the current problems "primarily at the politicians' doors".

"This is a top-down matter - due to the target-driven, staff-reducing culture."

Source BBC

Tuesday 20 November 2007

Darling Admits HMRC Data Loss

Alistair Darling told the House of Commons this afternoon that a police investigation has been launched into how Her Majesty's Revenue and Customs has lost child benefit records relating to 25 million people.

Records for 25 million people, relating to child benefit payments for 7.25 million families, were sent using the HMRC's own postal system, called grid, but never arrived.

The Chancellor, flanked by PM Gordon Brown, told the House that the National Audit Office requested information which was first sent to them in March, in breach of HMRC procedures, and then returned to HMRC.

In October the NAO made another request and the entire database was put onto two password-protected discs which were sent by grid post.

Those discs did not arrive and cannot be found. A further copy of the information was sent again, this time by registered post.

Darling was first told November 10 and called for an immediate search. On Monday, November 12, he was told HMRC believed it would find the data but on Wednesday Darling called the police in to investigate. Police are continuing to search NAO and HMRC offices.

Darling said in light of the most recent failures, along with previous losses of a laptop and 15,000 records, he was asking Kieron Poynter of PWC to investigate HMRC procedures. An interim report is expected next month and the full report next spring.

Banks have been informed and are monitoring relevant accounts as well as tracking back to transactions made after 18 October. Darling said police had found no evidence of the data being misused.

Vincent Cable, acting leader of the Lib Dems, asked why any information was being sent around via CD rather than electronically and if this was a result of HMRC's ancient IT system.

Richard Thomas, Information Commissioner, said:

"This is an extremely serious and disturbing security breach. This is not the first time that we have been made aware of breaches at the HM Revenue and Customs – we are already investigating two other breaches.

Any system was only as good as its weakest link
."

Thomas said:

"The alarm bells must now ring in every organisation about the risks of not protecting people's personal information properly.

As I highlighted earlier this year, it is imperative that organisations earn public trust and confidence by addressing security and other data protection safeguards with the utmost vigour
."

Thomas said the PWC report would be passed on to him, "and we will then decide what further action may be appropriate. Searching questions need to be answered about systems, procedures and human error inside both HMRC and NAO."

Jamie Cowper, Director of European Marketing at PGP Corporation, said in a statement:

"These discs should never have been transported in the first place - information of this type should only be transmitted using the strongest security protocols available such as encrypted batch transfer - but more to the point, these details should not have been stored in this medium.

Discs are easy to lose, but difficult to protect. This type of information should only be stored on formats where the data can be encrypted transparently, so that it remains protected wherever it resides, and whether at rest or in motion
."

Source The Register

The Litany of Disasters

Revenue & Customs has a long litany of disasters to confess, ranging from lost laptops to the tax credit 'nightmare':

October 2007

A laptop containing data on up to 2,000 people with investment ISAs is stolen. In Parliamentary answers Ministers reveal that 41 laptops were stolen from HMRC in the past 12 months

September 2007

A CD containing names, national insurance numbers, dates of birth and pension data of about 15,000 Standard Life customers goes missing. The data was lost en route from the Revenue office in Newcastle to the company's headquarters in Edinburgh

August 2007

Businesses registering for VAT for the first time face unprecedented delays because of the Government’s attempts to crack down on carousel frauds and cut costs. In extreme cases, businesses have had to wait more than six months for their VAT registration

May 2007

HMRC forced to extend the self-assessment filing deadline to 28 May and mitigate penalties for late filing, after tax agents complain that the online serivce is so slow that the only way to file a return is at 4am or weekends

May 2007

Parliamentary Accounts Committee reports again on the tax credit system. Committee says £5.8 billion was overpaid to claimants in the first three years of the current tax credits scheme, due to administrative errors by HMRC

February 2007

HMRC comes under fire for offering tax inspectors bonuses of up to £2,000 to encourage them to collect 25 per cent more tax during 2007

December 2006

A National Audit Office report indicates that 5.7 million taxpayers may not be paying the right amount of tax because they are using the wrong tax code. HMRC estimates are that taxpayers have overpaid around £500 million via PAYE, and that £1 billion of tax may have been underpaid

January 2006

HMRC apologises to 10,000 firms after fining them at least £400 each by mistake because of a basic flaw in the design of automatic systems that issue penalty notices

September 2005

The Public Accounts Committee denounces the tax credit system as a "nightmare". MPs say tax credits have been routinely overpaid to 1.8 million claimants and claims the system may be fatally undermined by its complexity. Follows reports from the Ombudsman and complaints from Citizens Advice.

May 2002

Ten months after its launch, the Inland Revenue's self-assessment online tax returns service suffers a major security breach when taxpayers filing their tax return online were able to view each others' personal information.

Source The Times

Thursday 16 August 2007

ICAEW Demands Compensation For VAT Delay

HM Revenue & Customs should offer compensation to those businesses stuck on a VAT waiting list, the ICAEW has recommended.

The institute made the recommendation in a paper to HMRC suggesting how to resolve the 3-month backlog.

The ICAEW also wants a parliamentary inquiry into why the delays in obtaining a VAT number, which apply to online and paper registrants, are getting worse.

The ICAEW said in a statement:

"We are concerned that the continuing delays have damaged HMRC's reputation and will act to discourage good tax compliance from taxpayers."

Source Accountancy Age