Fred Piper, professor, director, of information security group at Royal Holloway University of London, said it "beggars belief" as to how this data loss could have occurred.
"It shouldn't happen. It beggars belief as to who authorised this, and whether they had authority to send the data or just did it," he said.
"It's a straightforward, irresponsible cock up. If you must transfer data, there should be a clear reporting structure to the value of data. If it is valuable data, then only senior staff should authorise it and that data needs adequate protection."
Source CIO
Gordon Brown set this organisation up, the responsiblity lies with him.
Wednesday, 21 November 2007
Fraud Threat To Last For Years
The treat of fraud arising from the HMRC lost data fiasco will last for years, and could have a catastrophic effect on the economy and on people's lives.
Children whose personal data has gone missing could be at risk of identity fraud for many years, credit reference agency Experian has warned.
The company said fraudsters could wait until children turn 18 before trying to apply for credit in their name.
Compliance director Helen Lord said this could have a "catastrophic effect" on their ability to buy or rent a home or obtain a loan or credit card.
Source BBC
Children whose personal data has gone missing could be at risk of identity fraud for many years, credit reference agency Experian has warned.
The company said fraudsters could wait until children turn 18 before trying to apply for credit in their name.
Compliance director Helen Lord said this could have a "catastrophic effect" on their ability to buy or rent a home or obtain a loan or credit card.
Source BBC
Life of Misery Inside HMRC
Former employees of under-fire HM Revenue and Customs service have contacted the BBC News website to describe life inside its offices.
The news that the details of 25 million recipients of Child Benefit payments have gone missing has shone a spotlight on HMRC.
The agency collects and administers direct and indirect taxes; and pays and administers Child Benefit, Child Trust Fund and Tax Credits. It is also responsible for environmental taxes, enforcing the National Minimum Wage and recovery of student loans.
Formed in 2005 following a merger between HM Customs and Excise and the Inland Revenue, it has proved controversial since its inception.
But now it faces intense criticism after junior officials were blamed for sending computer discs with personal details of all UK families through the post - only for the discs to disappear.
Speaking anonymously - as they have signed the Official Secrets Act - two workers who recently left HMRC - have told the BBC News website that they were not surprised to hear of the blunder.
Worker A, who left after more than 10 years' service, said: "I wasn't surprised in the least when I heard the news.
The problems with Child Benefit are only the tip of the iceberg.
"Morale is non-existent. Mistakes happen continuously. Rooms full of unopened post are not uncommon."
Following the 2005 merger, the agency is now governed by a board made up of a chair, eight other executive directors and five non-executive directors.
Critics and unions complained that combining two distinct organisations, with very different cultures and legal powers, was always going to be a difficult task.
The government has targeted job cuts of 12,500 from the 100,000-strong workforce.
"When the merger was introduced, job duplication meant that many experienced people were made redundant," worker A said.
"So we lost many of our best people.
"Others were moved from pillar to post, and the experience hit morale even harder.
"The lowest paid were all laid off, and all of their workloads were added to everyone else's."
He complained that after a system called "lean processing" was introduced, jobs were divided up into their individual parts - every aspect was dealt with separately, and no-one has overall ownership or responsibility for the task, he said.
"Arbitrary, individual hourly targets meant that people cut corners," he added. "It doesn't matter if you make mistakes because you won't be held accountable."
Worker B, who was in a middle management post before he left in 2006, also claimed the merger of HM Customs and Excise and the Inland Revenue negatively affected the way the departments worked.
"There was the move to using call centres, which meant that people didn't take personal responsibility any more," he said.
There were all sorts of closures of offices going on and all those sorts of things had a domino effect.
There were additional targets - stretching targets - with reductions in staff, especially experienced staff, which really didn't help the cause."
He said he would lay the blame for the current problems "primarily at the politicians' doors".
"This is a top-down matter - due to the target-driven, staff-reducing culture."
Source BBC
The news that the details of 25 million recipients of Child Benefit payments have gone missing has shone a spotlight on HMRC.
The agency collects and administers direct and indirect taxes; and pays and administers Child Benefit, Child Trust Fund and Tax Credits. It is also responsible for environmental taxes, enforcing the National Minimum Wage and recovery of student loans.
Formed in 2005 following a merger between HM Customs and Excise and the Inland Revenue, it has proved controversial since its inception.
But now it faces intense criticism after junior officials were blamed for sending computer discs with personal details of all UK families through the post - only for the discs to disappear.
Speaking anonymously - as they have signed the Official Secrets Act - two workers who recently left HMRC - have told the BBC News website that they were not surprised to hear of the blunder.
Worker A, who left after more than 10 years' service, said: "I wasn't surprised in the least when I heard the news.
The problems with Child Benefit are only the tip of the iceberg.
"Morale is non-existent. Mistakes happen continuously. Rooms full of unopened post are not uncommon."
Following the 2005 merger, the agency is now governed by a board made up of a chair, eight other executive directors and five non-executive directors.
Critics and unions complained that combining two distinct organisations, with very different cultures and legal powers, was always going to be a difficult task.
The government has targeted job cuts of 12,500 from the 100,000-strong workforce.
"When the merger was introduced, job duplication meant that many experienced people were made redundant," worker A said.
"So we lost many of our best people.
"Others were moved from pillar to post, and the experience hit morale even harder.
"The lowest paid were all laid off, and all of their workloads were added to everyone else's."
He complained that after a system called "lean processing" was introduced, jobs were divided up into their individual parts - every aspect was dealt with separately, and no-one has overall ownership or responsibility for the task, he said.
"Arbitrary, individual hourly targets meant that people cut corners," he added. "It doesn't matter if you make mistakes because you won't be held accountable."
Worker B, who was in a middle management post before he left in 2006, also claimed the merger of HM Customs and Excise and the Inland Revenue negatively affected the way the departments worked.
"There was the move to using call centres, which meant that people didn't take personal responsibility any more," he said.
There were all sorts of closures of offices going on and all those sorts of things had a domino effect.
There were additional targets - stretching targets - with reductions in staff, especially experienced staff, which really didn't help the cause."
He said he would lay the blame for the current problems "primarily at the politicians' doors".
"This is a top-down matter - due to the target-driven, staff-reducing culture."
Source BBC
Tuesday, 20 November 2007
Darling Admits HMRC Data Loss
Alistair Darling told the House of Commons this afternoon that a police investigation has been launched into how Her Majesty's Revenue and Customs has lost child benefit records relating to 25 million people.
Records for 25 million people, relating to child benefit payments for 7.25 million families, were sent using the HMRC's own postal system, called grid, but never arrived.
The Chancellor, flanked by PM Gordon Brown, told the House that the National Audit Office requested information which was first sent to them in March, in breach of HMRC procedures, and then returned to HMRC.
In October the NAO made another request and the entire database was put onto two password-protected discs which were sent by grid post.
Those discs did not arrive and cannot be found. A further copy of the information was sent again, this time by registered post.
Darling was first told November 10 and called for an immediate search. On Monday, November 12, he was told HMRC believed it would find the data but on Wednesday Darling called the police in to investigate. Police are continuing to search NAO and HMRC offices.
Darling said in light of the most recent failures, along with previous losses of a laptop and 15,000 records, he was asking Kieron Poynter of PWC to investigate HMRC procedures. An interim report is expected next month and the full report next spring.
Banks have been informed and are monitoring relevant accounts as well as tracking back to transactions made after 18 October. Darling said police had found no evidence of the data being misused.
Vincent Cable, acting leader of the Lib Dems, asked why any information was being sent around via CD rather than electronically and if this was a result of HMRC's ancient IT system.
Richard Thomas, Information Commissioner, said:
"This is an extremely serious and disturbing security breach. This is not the first time that we have been made aware of breaches at the HM Revenue and Customs – we are already investigating two other breaches.
Any system was only as good as its weakest link."
Thomas said:
"The alarm bells must now ring in every organisation about the risks of not protecting people's personal information properly.
As I highlighted earlier this year, it is imperative that organisations earn public trust and confidence by addressing security and other data protection safeguards with the utmost vigour."
Thomas said the PWC report would be passed on to him, "and we will then decide what further action may be appropriate. Searching questions need to be answered about systems, procedures and human error inside both HMRC and NAO."
Jamie Cowper, Director of European Marketing at PGP Corporation, said in a statement:
"These discs should never have been transported in the first place - information of this type should only be transmitted using the strongest security protocols available such as encrypted batch transfer - but more to the point, these details should not have been stored in this medium.
Discs are easy to lose, but difficult to protect. This type of information should only be stored on formats where the data can be encrypted transparently, so that it remains protected wherever it resides, and whether at rest or in motion."
Source The Register
Records for 25 million people, relating to child benefit payments for 7.25 million families, were sent using the HMRC's own postal system, called grid, but never arrived.
The Chancellor, flanked by PM Gordon Brown, told the House that the National Audit Office requested information which was first sent to them in March, in breach of HMRC procedures, and then returned to HMRC.
In October the NAO made another request and the entire database was put onto two password-protected discs which were sent by grid post.
Those discs did not arrive and cannot be found. A further copy of the information was sent again, this time by registered post.
Darling was first told November 10 and called for an immediate search. On Monday, November 12, he was told HMRC believed it would find the data but on Wednesday Darling called the police in to investigate. Police are continuing to search NAO and HMRC offices.
Darling said in light of the most recent failures, along with previous losses of a laptop and 15,000 records, he was asking Kieron Poynter of PWC to investigate HMRC procedures. An interim report is expected next month and the full report next spring.
Banks have been informed and are monitoring relevant accounts as well as tracking back to transactions made after 18 October. Darling said police had found no evidence of the data being misused.
Vincent Cable, acting leader of the Lib Dems, asked why any information was being sent around via CD rather than electronically and if this was a result of HMRC's ancient IT system.
Richard Thomas, Information Commissioner, said:
"This is an extremely serious and disturbing security breach. This is not the first time that we have been made aware of breaches at the HM Revenue and Customs – we are already investigating two other breaches.
Any system was only as good as its weakest link."
Thomas said:
"The alarm bells must now ring in every organisation about the risks of not protecting people's personal information properly.
As I highlighted earlier this year, it is imperative that organisations earn public trust and confidence by addressing security and other data protection safeguards with the utmost vigour."
Thomas said the PWC report would be passed on to him, "and we will then decide what further action may be appropriate. Searching questions need to be answered about systems, procedures and human error inside both HMRC and NAO."
Jamie Cowper, Director of European Marketing at PGP Corporation, said in a statement:
"These discs should never have been transported in the first place - information of this type should only be transmitted using the strongest security protocols available such as encrypted batch transfer - but more to the point, these details should not have been stored in this medium.
Discs are easy to lose, but difficult to protect. This type of information should only be stored on formats where the data can be encrypted transparently, so that it remains protected wherever it resides, and whether at rest or in motion."
Source The Register
The Litany of Disasters
Revenue & Customs has a long litany of disasters to confess, ranging from lost laptops to the tax credit 'nightmare':
October 2007
A laptop containing data on up to 2,000 people with investment ISAs is stolen. In Parliamentary answers Ministers reveal that 41 laptops were stolen from HMRC in the past 12 months
September 2007
A CD containing names, national insurance numbers, dates of birth and pension data of about 15,000 Standard Life customers goes missing. The data was lost en route from the Revenue office in Newcastle to the company's headquarters in Edinburgh
August 2007
Businesses registering for VAT for the first time face unprecedented delays because of the Government’s attempts to crack down on carousel frauds and cut costs. In extreme cases, businesses have had to wait more than six months for their VAT registration
May 2007
HMRC forced to extend the self-assessment filing deadline to 28 May and mitigate penalties for late filing, after tax agents complain that the online serivce is so slow that the only way to file a return is at 4am or weekends
May 2007
Parliamentary Accounts Committee reports again on the tax credit system. Committee says £5.8 billion was overpaid to claimants in the first three years of the current tax credits scheme, due to administrative errors by HMRC
February 2007
HMRC comes under fire for offering tax inspectors bonuses of up to £2,000 to encourage them to collect 25 per cent more tax during 2007
December 2006
A National Audit Office report indicates that 5.7 million taxpayers may not be paying the right amount of tax because they are using the wrong tax code. HMRC estimates are that taxpayers have overpaid around £500 million via PAYE, and that £1 billion of tax may have been underpaid
January 2006
HMRC apologises to 10,000 firms after fining them at least £400 each by mistake because of a basic flaw in the design of automatic systems that issue penalty notices
September 2005
The Public Accounts Committee denounces the tax credit system as a "nightmare". MPs say tax credits have been routinely overpaid to 1.8 million claimants and claims the system may be fatally undermined by its complexity. Follows reports from the Ombudsman and complaints from Citizens Advice.
May 2002
Ten months after its launch, the Inland Revenue's self-assessment online tax returns service suffers a major security breach when taxpayers filing their tax return online were able to view each others' personal information.
Source The Times
October 2007
A laptop containing data on up to 2,000 people with investment ISAs is stolen. In Parliamentary answers Ministers reveal that 41 laptops were stolen from HMRC in the past 12 months
September 2007
A CD containing names, national insurance numbers, dates of birth and pension data of about 15,000 Standard Life customers goes missing. The data was lost en route from the Revenue office in Newcastle to the company's headquarters in Edinburgh
August 2007
Businesses registering for VAT for the first time face unprecedented delays because of the Government’s attempts to crack down on carousel frauds and cut costs. In extreme cases, businesses have had to wait more than six months for their VAT registration
May 2007
HMRC forced to extend the self-assessment filing deadline to 28 May and mitigate penalties for late filing, after tax agents complain that the online serivce is so slow that the only way to file a return is at 4am or weekends
May 2007
Parliamentary Accounts Committee reports again on the tax credit system. Committee says £5.8 billion was overpaid to claimants in the first three years of the current tax credits scheme, due to administrative errors by HMRC
February 2007
HMRC comes under fire for offering tax inspectors bonuses of up to £2,000 to encourage them to collect 25 per cent more tax during 2007
December 2006
A National Audit Office report indicates that 5.7 million taxpayers may not be paying the right amount of tax because they are using the wrong tax code. HMRC estimates are that taxpayers have overpaid around £500 million via PAYE, and that £1 billion of tax may have been underpaid
January 2006
HMRC apologises to 10,000 firms after fining them at least £400 each by mistake because of a basic flaw in the design of automatic systems that issue penalty notices
September 2005
The Public Accounts Committee denounces the tax credit system as a "nightmare". MPs say tax credits have been routinely overpaid to 1.8 million claimants and claims the system may be fatally undermined by its complexity. Follows reports from the Ombudsman and complaints from Citizens Advice.
May 2002
Ten months after its launch, the Inland Revenue's self-assessment online tax returns service suffers a major security breach when taxpayers filing their tax return online were able to view each others' personal information.
Source The Times
Thursday, 16 August 2007
ICAEW Demands Compensation For VAT Delay
HM Revenue & Customs should offer compensation to those businesses stuck on a VAT waiting list, the ICAEW has recommended.
The institute made the recommendation in a paper to HMRC suggesting how to resolve the 3-month backlog.
The ICAEW also wants a parliamentary inquiry into why the delays in obtaining a VAT number, which apply to online and paper registrants, are getting worse.
The ICAEW said in a statement:
"We are concerned that the continuing delays have damaged HMRC's reputation and will act to discourage good tax compliance from taxpayers."
Source Accountancy Age
The institute made the recommendation in a paper to HMRC suggesting how to resolve the 3-month backlog.
The ICAEW also wants a parliamentary inquiry into why the delays in obtaining a VAT number, which apply to online and paper registrants, are getting worse.
The ICAEW said in a statement:
"We are concerned that the continuing delays have damaged HMRC's reputation and will act to discourage good tax compliance from taxpayers."
Source Accountancy Age
Subscribe to:
Posts (Atom)