With permission, Mr. Speaker, I should like to make a statement on the breach of procedures which led to personal data relating to child benefit from Her Majesty’s Revenue and Customs going missing.
I shall set out the nature of the data and the circumstances relating to how they went missing. However, it might be helpful to the House if I set out the background first. The National Audit Office, which is independent of Government but answerable to Parliament, has a right to ask for and access data from HMRC in discharging its compliance responsibilities.
In March, it appears that a junior official in HMRC provided the National Audit Office with a full copy of HMRC’s data in relation to the payment of child benefit. In doing so, the strict rules governing HMRC standing procedures were clearly not followed. Those procedures relate to the security of and access to data as well as their transit to ensure that they are properly protected. That information should not have been handed over by HMRC in the way that it was. However, I understand that in this case the NAO subsequently returned all the information that it received in March to HMRC after auditing it.
It now appears that, following a further request from the NAO in October for information from the child benefit database, again at a junior level and again contrary to all HMRC standing procedures, two password-protected discs containing a full copy of HMRC’s entire data in relation to the payment of child benefit were sent to the NAO, by HMRC’s internal post system operated by the courier TNT. The package was not recorded or registered. It appears that the data have failed to reach the addressee in the NAO.
I also have to tell the House that, on finding that the package had not arrived at the NAO, a further copy of those data was sent, this time by registered post, which did arrive at the NAO. However, again HMRC should never have let that happen. Although it is believed that the data were sent from HMRC to the NAO on 18 October, the fact that they did not arrive was not reported to HMRC’s senior management until 8 November, nearly three weeks later.
I was informed on Saturday 10 November and immediately instructed that comprehensive searches by customs officers be carried out on all premises where the missing data might be found. Those searches are continuing. I asked for an immediate investigation, which was initiated that weekend. I also insisted on immediate steps to prevent this from happening again. Action has been taken.
On Monday 12 November, HMRC informed me that evidence might have been found of the route taken by the data and that they were likely to be found. However, by Wednesday 14 November it was clear to me that the HMRC searches had failed to find them. I therefore instructed the chairman of HMRC to call in the Metropolitan police to conduct a full investigation, in order to find the missing package. That investigation is still under way. Our priority was and is to find the data. Searches have been and continue to be carried out, including of HMRC and National Audit Office premises, and staff are being interviewed. So far, however, the missing data have not been found.
The police tell me that they have no reason to believe that these data have found their way into the wrong hands. The police are not aware of any evidence that they are being used for fraudulent purposes or criminal activity.
I will tell the House what is missing as a result of this extremely serious failure on the part of HMRC to protect sensitive personal data entrusted to it in breach of its own guidelines. In terms of protecting confidential data, Her Majesty’s Revenue and Customs is operationally independent of Ministers. It is established by statute and run by its chairman, Paul Gray, and a board of commissioners who are responsible for its operations but answerable to Parliament through me. Last week Paul Gray told me on his own initiative that given the seriousness of the operational failing he should resign. He has now confirmed that intention, and I am grateful to him for his contribution to the work of government, in HM Treasury, the Department for Work and Pensions and then HMRC.
The missing information contains details of all child benefit recipients: records for 25 million individuals and 7.25 million families. Those records include the recipient and their children’s names, addresses and dates of birth, child benefit numbers, national insurance numbers and, where relevant, bank or building society account details. I regard this as an extremely serious failure by HMRC in its responsibilities to the public.
In making this statement today, I have had to balance the imperative of informing the House and the public at the earliest opportunity with ensuring that when I did so the appropriate safeguards were in place to protect the public, including in relation to bank accounts. Indeed, the banks were adamant that they wanted as much time as possible to prepare for this announcement. I discussed the issue with the Information Commissioner on Thursday, who agreed that appropriate remedial action needed to be taken before a public statement was made. This action has now been taken. I have also sought the advice of both the Financial Services Authority and the Serious Organised Crime Agency, and other Departments have also been made aware of the issue.
Let me set out what we have done. First, the UK Payments Association, the British Bankers Association and the Building Societies Association have been informed, and through them HMRC informed individual banks and other financial institutions, including building societies and post offices, of affected accounts. Secondly, individual institutions are flagging those accounts, which enables them continually to monitor for irregular activity. They tell me that so far they have found no evidence of such activity. Thirdly, individual institutions are also tracking back and analysing transactions on affected accounts to 18 October. Again, they have so far found no evidence of unusual activity. They will continue to monitor those accounts, so that if there is any suspicious activity, action can immediately be taken. Fourthly, if someone is an innocent victim of fraud as a result of this incident, people can be assured that they have protection under the banking code, so that they will not suffer any financial loss as a result.
The UK Payments Association has confirmed that it is confident that every action has been taken by the banking industry to minimise the risk of any fraud. It has also confirmed that the missing data are not enough in themselves for someone to access a person’s bank account for fraudulent purposes, as additional security information and passwords are always required. However, we have to recognise the increased risk caused by these missing data. People will therefore want to monitor their accounts and guard against any unusual activity. The advice of banks is that there is no need for customers to ask for a new account or to contact their bank or building society. However, they should do what they should be doing in any event: checking their bank statements to keep a close eye on their account for any unusual activity; contacting their bank or building society immediately if they see anything in their statement that concerns them; and not giving out personal or account details requested unexpectedly by phone or e-mail. I reiterate that the banks have made it clear that individuals will not have to pay out for any loss in the event that they become the innocent victims of fraudulent activity. I can tell the House that child benefit payments will continue to be paid as before.
There are already clear HMRC standing procedures, which appear to have been broken. HMRC has initiated changes to security processes and procedures, so they will now take place only with written authorisation from a senior manager and with appropriate protection for any transfer.
The police investigation continues, although there is also likely to be an inquiry into the missing data by the Independent Police Complaints Commission, which has responsibility for monitoring Her Majesty’s Revenue and Customs. I have kept the Information Commissioner informed. It is highly likely that there have been breaches of the Data Protection Act, which the commissioner will investigate.
The Government take the protection of personal data, in whatever form, extremely seriously and have therefore put in place and are strengthening rights and safeguards on the use and handling of such data. The Data Protection Act sets out the framework enforced by the Information Commissioner and the courts. Departments have specific controls on information sharing and duties of confidentiality that are being enhanced by amending the Data Protection Act to guard against misuse and provide further information to citizens about the information that the Government hold.
Last month the Prime Minister asked the Information Commissioner, Professor Mark Walport, director of the Wellcome Trust, to carry out a review of the framework in the United Kingdom to ensure the security of personal data. That review will look at Government Departments and other organisations. I can also tell the House that the Comptroller and Auditor General, Sir John Bourn, has said that the National Audit Office will also review its own procedures for requesting data to confirm that they remain in line with best practice, and will apply any lessons arising.
In addition, the House will be aware of other data security breaches by HMRC—including, at the end of September, the loss of records of around 15,000 people in transit by HMRC’s external courier and, in the same month, the loss of a laptop and other material containing personal details relating to HMRC customers. I have therefore asked Kieran Poynter, chair of PricewaterhouseCoopers, to investigate HMRC’s security processes and procedures for data handling. I have asked for an interim report next month and a full report in the spring. That review will be conducted in consultation with the Independent Police Complaints Commission and a full report will be made available to the Information Commissioner.
I express my gratitude to the Metropolitan police for its investigation, to the Information Commissioner for his advice and to the banks for their co-operation in working with the Government in taking steps to protect the public. The House will understand that because the investigation is continuing I am not yet in a position to give a full account of what has happened but I will continue to keep the House informed.
This is an extremely serious matter. HMRC has a responsibility towards the general public, who entrust it with highly sensitive personal information. It has failed to meet the high standards that should be expected of it. I recognise that millions of people across the country will be very concerned about what has happened. I deeply regret that and apologise for the anxiety that will undoubtedly be caused.
But let me reiterate: there is no evidence that these data have reached the wrong hands and no evidence of fraud or criminal activity; banks and building societies are putting in place safeguards to protect people’s accounts; banks and building societies will continue to monitor those accounts; and no one will suffer any loss if they are innocent victims of fraud. I will, of course, keep the House updated of any further developments. I commend the statement to the House.
The Prime Minister says that the first duty of Government is the protection of the citizen, and today we discover from the Chancellor that the Government are responsible for breaching that duty of protection to 25 million citizens. Let us be clear about the scale of this catastrophic mistake: the names, the addresses and the dates of birth of every child in the country are sitting on two computer discs that are apparently lost in the post; and the bank account details and national insurance numbers of 10 million parents, guardians and carers have gone missing. Half the country will be very anxious about the safety of their family and the security of their bank accounts, and the whole country will be wondering how on earth the Government allowed this to happen.
The Chancellor has to answer the most serious questions. On the question of safety, what contingency plans have been drawn up with the police lest it become clear that millions of personal details have fallen into the wrong hands? On the question of financial security, I understand what the Chancellor said about the precautionary measures taken by the banks this weekend, and I agree with him that people need not contact their banks, but since he has asked millions of people to monitor their accounts, many may well do so. What steps have been taken by the Treasury, the Bank of England and the Financial Services Authority to prepare for any potential financial instability?
If fraud does occur—and of course it is good to hear that there is no evidence of that at present—where will the liability for any losses rest? The Chancellor said at the end of his statement that people would not lose out. Does that mean that the responsibility now rests with the Government, and, in effect, is the Chancellor now offering another general guarantee to depositors and people with bank accounts?
On the question of how this extraordinary security breach could ever have happened, what is the point of the House passing laws to protect the privacy of people’s personal information if those laws are not even enforced at the heart of Government? As the Chancellor himself said, this is the third, and by far and away the most serious breach by Her Majesty’s Revenue and Customs this year. In August, a laptop containing the personal details of 400 taxpayers was stolen after being left in a car overnight, and 15,000 people’s details were lost. [Hon. Members: “He said that.”] He did say it, and it is worth reminding ourselves why there has been a catalogue of mistakes at Her Majesty’s Revenue and Customs. When did the Chancellor first become aware that the security protocols in his own Department were absolutely worthless, and what did he do about it?
We know that it was about 21 days before the breach in security was brought to the Chancellor’s attention—incidentally, two days after it was brought to the attention of senior management in Her Majesty’s Revenue and Customs. Why did the Chancellor then wait for four days before contacting the police? Does he remember just who has been running the Inland Revenue for the last 10 years? The Prime Minister. Can he tell us when he told the Prime Minister about this fiasco?
Finally, there is the issue of how we stop this from ever happening again. I welcome the inquiries that are under way, but can the Chancellor confirm that the police are investigating not just the individual responsible for sending the discs, but those above that individual who are responsible for ensuring that the law is properly enforced in Her Majesty’s Revenue and Customs? Does he agree that today must mark the final blow to the Government’s ambition to create a national ID card? They simply cannot be trusted with people’s personal information.
Since he came to office less than six months ago, the Chancellor has lurched from one crisis to another. Now his Department has compromised the security and safety of every family in the land. This autumn, the Prime Minister said he had shown that the Government could be competent, and now needed to set out his vision. There are 25 million people whose personal details have been lost by this Government. Never mind the lack of vision; just get a grip, and deliver a basic level of competence.
I think the whole House will agree that the way in which this was handled was inexcusable. HM Revenue and Customs has well laid down and established procedures which were breached, and which there is no excuse whatsoever for breaching. As I told the House, it is a matter of extreme regret that so many people will be caused anxiety as a result of what happened.
There are two points. First, the police investigation is continuing, and as we ascertain more about what happened, we will be able to learn lessons for the future. Secondly, the hon. Gentleman asked what was being done in the meantime. Senior management have instructed that no information is to be downloaded from computers in this way without the authority of a very senior member of the Revenue and Customs, and that in the event that it proves necessary to make that information available to other people, the procedures will be tightened up.
It is obvious to me from the information that I have that in the event of the NAO’s wishing to audit a large amount of information of this kind, procedures will provide for the NAO to go to where the information was stored rather than its being transmitted. The senior management have tightened up on those procedures so that this does not happen again, but we will obviously want to learn from the conclusions of the inquiry that I have asked Kieran Poynter to carry out.
The hon. Gentleman asked some specific questions. First, as I have said, the banks have put in place all the precautions they think they can reasonably put in place to guard against any unusual activity. I repeat that neither the police nor the banks have any evidence to suggest that the information has fallen into the wrong hands or that it is being used for fraudulent or other criminal purposes. The hon. Gentleman asks what would happen if a particular set of circumstances were to arise. I hope that he realises that for obvious reasons the police do not particularly want me to speculate on what they might do in the event that they suspect a crime is taking place, but I can assure the House that the Metropolitan police is very aware of the risks and is addressing them.
The hon. Gentleman also asked specific questions about when I was told and what I did. As I said in my statement, I was told about this on the morning of 10 November and I instructed that there should be an immediate, thorough search by experienced, trained customs officers of every place where the discs might be found. That took place. I also asked that HMRC undertake a thorough investigation of what should happen. However, despite being told on Monday that there was every chance that we would be able to recover the disks—which would, of course, have been the preferable course of action—it was clear to me that that was not going to happen, which is why I asked the Metropolitan police to be called in.
There was one thing I was very conscious of, and it was why I took advice from the Information Commissioner: that before I made a public statement the House would expect me to do everything I reasonably could with the banks to put in place measures to protect the public. I am sorry if the hon. Gentleman disagrees with my judgment on that, but I think I had a duty to give the banks time to put in place the necessary protections, especially when I was advised that that was the right thing to do by the Information Commissioner and especially when I was told by the banks that they wanted as much notice as possible before this became public knowledge. The hon. Gentleman asked when I told the Prime Minister. Within about half an hour of my being told, I spoke to the Prime Minister. The two of us discussed what we ought to do, and I have kept him informed ever since.
The last point that the hon. Gentleman makes way in relation to identity cards. The key thing about identity cards is, of course, that they will mean that information is protected by personal biometric information. The problem at present is that, because we do not have that protection, information is much more vulnerable than it should be.
In conclusion, as I have informed the House, this is a deeply regrettable incident that should never have happened, but I am now doing everything I possibly can to safeguard the public interest because that is the right thing to do.
I think I should thank the Chancellor for both his frankness and his apology, but is it not now the case that the Treasury has replaced the Home Office as the Department that is unfit for purpose, and also that he inherited from his predecessor systems of management that are totally dysfunctional?
On the specifics, how many unencrypted CDs are being posted around Government every year? Since this is the second case within the past few weeks of a CD being lost in the post—the other in relation to insurance data—what is the status of the comment made in respect of the loss of a CD in September by HMRC that it had
“reviewed our arrangements and introduced safeguards to prevent this happening in future”?
Why should we have more confidence today that that will be implemented? Can the Chancellor also explain why, in this day and age, information is being transmitted through CDs, rather than electronically? Is that not just a reflection on the ancient IT systems employed by HMRC? [Interruption.] For example, is he aware that officials within HMRC—[Interruption.]
Order. Let the—[Interruption.] Order. Let the hon. Gentleman speak.
Is the Chancellor aware that officials within HMRC are being told to disregard elementary precautions such as dual running of old and new IT systems in order to make savings on the £8 billion Capgemini project? Will he not make an open, transparent statement of the IT position by publishing the gateway review rather than trying to suppress its findings by going to the High Court?
A basic question one has to ask is why private finance initiative contractors are being given greater data protection than 7.5 million families concerned with child benefit. Is not at least part of this problem due to the 25,000 job losses being implemented in HMRC? Clearly, if officials are being asked to do more and more with fewer staff, mistakes will be made, as they have been here and in relation to tax credits and VAT registration. Is the issue of confidence in Government databases restricted merely to the future ID card system? Is there not a complete lack of confidence in future benefit claims? How on earth are poor people going to have confidence that their data will be protected when they claim benefits?
Finally, I want to raise the issue of the principles governing resignation from Government when administrative disasters occur. One senior official, Paul Gray, has now resigned as a matter of honour; another, the Metropolitan Police Commissioner, declined to do so. Home Office Ministers have resigned on matters of honour; Treasury Ministers decline to do so. Where does the buck stop in this Government?
The hon. Gentleman asks a number of questions and I agree with him that this information should not have been downloaded in the way that it was; it certainly should not have been sent in the way that it was, without any readily available means of identifying where it was. It was password-protected, but that was inadequate. However, the hon. Gentleman needs to bear it in mind that the key problem is that HMRC has clear instructions, rules and procedures on requesting, downloading and transmitting information, and that the individuals concerned ignored those instructions. That is the difficulty, and that is what we need to make sure does not happen again.
HMRC is operationally responsible for the collection and making of payments. It is, quite properly, independent of Government, because it is involved in dealing with personal data. That is why it is a responsibility, which this House recently agreed to, of a board of commissioners and the chairman. They are accountable to Parliament through me, which is why I am making this statement today, but there is no doubt in my mind that what we have here is an extremely serious breach. It should never have happened, and the problem is that individuals within HMRC ignored the procedures that were there. That should not have happened and that is what we need to put right.
Paul Gray, the chief executive of HMRC, has always been co-operative and helpful to the Treasury Committee in our dealings; however, he is correct today to resign from his post. This gives rise to the question, are data safe with Government agencies? No doubt the Treasury Committee will look at this issue, at the internal security procedures operated by departments, and at the level at which the security is signed off. Why does such sensitive information need to be shuffled around? Why cannot the NAO undertake its investigations at the departments? No doubt the Treasury Committee will want to look at this issue, and I ask the Chancellor for his full co-operation in that exercise, so that we investigate this matter thoroughly and ensure that never, ever again does such a situation arise.
I certainly welcome any inquiry by the Treasury Committee. My right hon. Friend asks me about the audit procedures and as I told the House earlier, Sir John Bourn, the Comptroller and Auditor General, is reviewing the procedures for how information is handled and what he requests. On child benefit, my understanding is that normally, the NAO would seek to investigate a comparatively small number of cases—perhaps as small as a dozen or so—in order to be sure that Revenue and Customs was following the correct procedures and paying them. It is not at all clear to me why 7 million records would be necessary, or whether it would be possible for anyone actually to look at 7 million records and properly audit them.
I also agree with my right hon. Friend—I said this in reply to the shadow Chancellor—that if large-scale information is sought, as I understand it, the internal procedures of the Revenue and Customs require that the auditor go to where these things are held, in Washington and the north-east, so that he could look at that information without it being taken out of a secure building. I understand that those procedures are in place. One of the things that the inquiry will have to find out is why those established procedures were breached by the individuals concerned.
I am grateful to the Comptroller and Auditor General and to the Chancellor for briefing me this morning. May I just make one or two things clear from the CAG’s briefing? He requested this information—the national insurance numbers—to create a sample to enable him to carry out the audit. It is clear that the CAG specifically asked that all personal details, bank account details and all that sort of information should be removed before this was sent. That is the most important thing. The National Audit Office simply asked for the national insurance numbers; this had nothing to do with personal details.
On the other important point the Chancellor may have inadvertently misled the House—I am sure that it would have been completely inadvertent. He said that this information was sent on 18 October. That is true; the Inland Revenue informed the NAO on 18 October. He then told us that it was not until 8 November that senior management were told that these discs had not arrived. In fact, the NAO informed HMRC on 24 October that the wallet had not arrived. It was sent completely insecurely. A second wallet was then sent, so there is no doubt that the wallet never arrived at the NAO; it was lost in the post. No blame can be attached to the NAO, which was simply doing its job in asking for this information. This is criminally irresponsible behaviour on the part of a Department that once had an unimpeachable reputation.
There is one point that I want to address head on, because I take very seriously my duty to tell this House the facts as I understand them. I did say in my statement that a request was made at the beginning of October to provide information for audit. That led to the official concerned despatching the two discs in the way that I described—these are the two that never arrived. I understand that subsequent to that, on discovering that they had not arrived, the same junior official spoke to his counterpart in the NAO to ask whether or not he had received them. As I said in my statement, on discovering that they had not been received he then posted another two copies—this time using registered post. That is precisely what I told the House. There had been further contact after the initial posting on 18 October. The fact remains that my understanding is that senior management of HMRC were not told of this until 8 November.
That is what I have been told by HMRC, so the hon. Gentleman is right to say that an initial request was made but the discs did not turn up at the NAO. The two officials spoke again and, wrongly, the discs were posted out a second time. This time they did arrive and are, as I understand it, in safe custody. The fact remains that it was not until 8 November that senior HMRC staff were told, and they subsequently informed Ministers. I want to be clear about that.
On the NAO’s original request, I am aware of the position that Sir John Bourn has helpfully set out for me. I have also received advice about what HMRC thinks it was asked for. One of the reasons that I want Kieran Poynter to investigate is to reconcile the sometimes differing accounts of what happened. I have been at pains not to allocate blame as between the NAO or HMRC. I have no reason to criticise the NAO and I welcome the fact that Sir John Bourn is carrying out his own inquiry. I am sure that he will share his conclusions.
I wanted to clarify the position. I understand perfectly why the hon. Gentleman wants to make the position of the NAO clear, but I know that in my statement I acquainted the House with what happened to the best of my understanding.
My right hon. Friend is to be commended for his statement, which was responsible and proportionate. May I especially commend him for having given the banking system time to consider the situation without panicking and to prepare for what will be a demanding few days as people seek reassurance? I am sure that major banking institutions will be fully prepared, but can he assure the House that the smaller banks and building societies have the capacity to deal with customer demand over the next few days, especially Post Office branches in the high street, when the public seek the reassurance that they no doubt will?
Certainly HMRC will do everything that it can, together with the associations representing the banks and building societies, to help them and the Post Office prepare. As I said in my statement, I was conscious of the balance that I had to strike between telling the House and the public, and allowing sufficient time for preparation by the banks. Some small institutions asked for a couple of weeks, but it was my judgment that I had to make the information public as soon as was reasonable. I also had to do my best to ensure that the banks were given sufficient time. I have tried to strike that balance and I hope that the House will understand that. As I said earlier, the view of the banks and the building societies is that there is no need for people to contact them unless they have seen something suspicious. Because the bank accounts are being monitored—they have been flagged since the weekend because of the information that we gave the banks—the process is well under way, although we will obviously help some of the smaller institutions if they need and request that help.
If the Government have managed to lose 25 million confidential personal records in this way, how can we possibly trust them to run an ID card scheme nationally?
As I said, one of the problems is that the information we have at the moment can, in certain circumstances, be used for fraudulent purposes by people who have no right to use it. The point about ID cards is that because they will introduce biometric information they will mean that one can be more certain that the person asking for or dealing with that information has a legal right to do so.
The general public, hearing about this, will be less concerned about whether the NAO or the Treasury were to blame and more concerned about the embarrassment of their records being public, the threat of identity theft and what protection they will get if it occurs. Can the Chancellor spell out what protection the public will get from the various banking codes if identity theft happens?
On the central point, there is no information suggesting that the information is in the wrong hands or, indeed, in the public domain. It is password protected. The police, who are constantly monitoring the situation, tell me that there is no reason to believe that the information has come into the hands of people who should not have it. As I said to the House earlier, the fact that the banks have been able to flag and monitor the accounts concerned means that if unusual activity occurs, it can be picked up. Individuals will also look at their own accounts. At the moment, there is no reason to believe that the information is in the public domain or that there has been any fraudulent or other criminal activity. However, the banks, the Government and everyone else will continue to do everything that they can, first to recover the information and then to put those protective measures in place.
It is hard to know where to start with the Chancellor. He prays in aid the Information Commissioner, but it was the commissioner who told the Government to publish the gateway reviews for ID cards, so why did he not listen to that? Moreover, Sir John Bourn has qualified HMRC’s accounts for the past four or five years, not because of any fault on the part of that Department but because it is being required to implement the Government’s unimplementable tax credit policy. Paul Gray is a courteous and honourable man; what I fail to understand is why he is the only one offering his resignation.
I agree that Paul Gray is an extremely courteous and hard-working civil servant who has served successive Governments very well indeed. From my time in government with the Treasury and the Department for Work and Pensions, I know that he has served all Departments with distinction. He deeply regrets what has happened but he is chair of HMRC’s commissioners, who were established by statute, and he accepts that he has a responsibility in this matter. I am sorry about what has happened, just as he is, but the important thing is to make sure that such a massive and unforgivable mistake does not happen again. We must learn from it, and ensure that proper procedures are put in place to protect the public.
Notwithstanding the sad but not surprising sanctimony displayed by those on the Opposition Benches, does my right hon. Friend agree that what has happened is the sort of random, human mistake, in breach of all guidance and rules that occurs under all Governments of all colours? The test of the Government is how they deal with it. The Chancellor has told us what he has done, but will he now say whether any requests for co-operation or compliance from the police or any other investigating authority have been refused by the Government? Is there anything that he could have done that he has not done?
No. All requests made of the Government have been met in full. Where we have not been able to do that immediately, we are working with the relevant authorities to make sure that we put in place what is needed.
First, may I express the hope that the lost data might be found even now? If that happens, the problem can be treated as an exercise, with HMRC and other Departments looking at their procedures very carefully and changing them where necessary to ensure the safety of data transmission. Given the scale of problem, will the Chancellor say whether all parts of the UK are affected or whether any geographical importance can be attached to the data that have been lost? Will he also say—
Order. Hon. Members may ask only one supplementary question.
I believe that the information that has been lost covers all recipients of child benefit. I know that the system in Northern Ireland is administered separately, but I am proceeding on the basis that all child benefit recipients are affected. As I said earlier, the police are still investigating, and that includes checking the precise details of what was taken off the computer. However, the information that I have today suggests that it is best to assume that recipients from all parts of the UK are affected, and not only those from Scotland, Wales and England. I am afraid that we will have to proceed on that basis.
It is clear that my right hon. Friend has taken prompt and decisive action from the time that he was informed of the mistake. As chair of the Public and Commercial Services trade union group, I am aware of the representations made to the Treasury in respect of concerns about management and the management systems that have been put in place, and about the impact of job cuts in HMRC. Will my right hon. Friend therefore meet the PCS group to discuss those matters of concern?
I know that the PCS has been extremely helpful in facilitating police interviews with members of staff who, like everyone else, are anxious to recover the items that have been lost. We are all grateful for that, and HMRC staff have behaved entirely in the way that one would expect from public servants. General staffing questions should be directed to my right hon. Friend the Financial Secretary to the Treasury, who has day-to-day responsibility for HMRC. I am sure that she will be happy to discuss them with my hon. Friend.
This calamitous breach of privacy occurred during the transfer of information between two public departments. Given that the national database behind the identity card system exists precisely to transfer and aggregate information between a great many departments, can the Chancellor give us an assurance that we will not proceed with that proposal without first carrying out a proper review of the privacy implications, especially in the light of the fact that the Australian proposal for an identity card foundered precisely on concerns about privacy?
As I said in my statement, there are a number of things we need to consider in relation to the holding of data by Government and the transfer of that information, which is why my right hon. Friend the Prime Minister asked for a report into the matter. In relation to this problem, as I have said on a number of occasions, it should never have been dealt with as it has been, and no one can possibly excuse the way in which the information was sent through the post. There are clearly a lot of lessons to be learned, and I am determined that we do just that.
Given that ultimately any system is vulnerable to human error, will my right hon. Friend consider during his various reviews of the problem whether it would be prudent for such databases to be encrypted in future?
That is certainly something we need to consider, because it is possible to encrypt information at present. My starting point is that in general if an auditor, or anyone else, wants to look at a large amount of information, it is best to do so where the information is stored so that we do not have to send it in the first place; but if information has to be sent—even if it is only a small amount concerning a small number of people, or an incomplete picture of someone’s circumstances—there is something to be said for encrypting it so that it can be kept as secure as possible. Let us be in no doubt: the public entrust the Government, or their agencies, with personal information and they expect that information to be safeguarded with as much security as we can possibly manage.
The Chancellor said that he reckoned that the department was independent of his Department so in that sense it was enough for Paul Gray to resign, but it was to the Chancellor that HMRC came; it was he—rightly—who took the decision for a full search and then to call in the police, and it was he who has had to come to the Dispatch Box to explain it all. Does not that make it certain that he and his Department have absolute overall responsibility, so if the information gets into the wrong hands, would he consider it right that either he or his Financial Secretary should take the decision to resign?
The House debated the structure of HMRC recently when the two organisations merged. HMRC was set up as a body independent of Government, mainly to keep Ministers of whatever Government away from the business of collecting people’s money and paying out money. It has always been understood that although Ministers are responsible for policy, operational matters should be kept away from them for perfectly understandable reasons. HMRC is unusual: the body is run by a chairman and a board although it is clearly accountable to Parliament through Ministers—in this case, me. Of course, given the seriousness of what has happened, I took a very real interest in the matter right from the time it was drawn to my attention.
Although the Chancellor has said that the information should never have left the building and, indeed, that it was security protected, will his review look at ensuring that the highest level of security protection is now applied to all appropriate sensitive data?
Yes, we must do that. As I said a moment or two ago, if sensitive information is to be taken out of a building, it must be transmitted as securely as possible. I suspect that there will be a number of different ways of doing that, but it is critically important and it is what the public expect.
Is the Chancellor aware that security codes and passwords can be broken? The Apple iPhone code was broken within a day of its launch in the UK. Considering the ability of criminals to breach codes and passwords, what advice has he received from the Metropolitan police about the likelihood of identity fraud if the data should fall into the wrong hands?
I agree that we need to make sure that as much security as possible is attached to any transfer of information. Part of the purpose of Sir John Bourn’s review is to consider, for example, how many cases need to be seen when carrying out perfectly legitimate audit requirements and what information he actually needs to see. Sir John will want to consider those points and discuss them with HMRC and other Departments. In relation to HMRC, if information is requested, consideration has to be given, as already required by the guidelines, as to whether an auditor should be invited to look at the information in the place where it is held or, if it is sent, what precautions should be attached—whether encryption, password protection or whatever. I understand that all those things are provided for under existing requirements, but what happened in this case was that the existing procedures were not followed at each and every stage.
Is the Chancellor aware that the whole House is, naturally, seized of the gravity of the breaches in procedure that have taken place, but recognises, equally, that he in his office has acted with great dispatch and decisiveness in dealing with this difficult situation? May I associate myself with his tribute to Paul Gray, whom I knew when at the Treasury? He is a civil servant of distinction, but his resignation was necessary in the circumstances, as he readily saw. In involving the police, the Chancellor clearly did the right thing and acted immediately in that respect—a similar thing is true of looking at the systems. May I put a point to him on the question of the transmission of data? However we transmit data, somebody has to take the decision. With information of this kind, should not two or three levels of officials—going, where necessary to the very top—have to be involved?
I agree with my hon. Friend’s remarks concerning Paul Gray. I also agree with what my hon. Friend said about the transmission of this type of information. Revenue and Customs has now put in place procedures that require access and transfer to be approved at the very highest level of the organisation. It is quite clear from what has happened that that needs to be applied in the future as well. It cannot be left to someone at a junior level in the organisation to decide whether information, especially information of this nature, should be downloaded—and then, in this case, posted in a way that was totally insecure.
The Chancellor has given my right hon. Friend the Member for Hitchin and Harpenden (Mr. Lilley) and my hon. Friend the Member for Harwich (Mr. Carswell) reassurances that any personal information stored for ID cards will be safe. However, after this astonishing display of incompetence, why would anybody have any faith in the Government or trust them to be able to keep personal information secure?
For the reason that ID cards match up biometric information with the information that is held, so that the person holding the information knows that the person asking for it is legally entitled to it. That is the difference between many other systems, which do not have that biometric lock, and the ID card system, which would have that biometric lock. It seems to me that that would give me and the hon. Gentleman, as individuals, far more protection than there is at the moment.
The Chancellor acted promptly to ensure that the banks had systems in place to deal with the matter before it became public. However, he will be more aware than any of us that, now the matter is in the public domain, all sorts of people will try to work various scams through the internet and by telephoning people, claiming to be acting on behalf of the banks, to get personal information. What discussions has he had on alerting members of the public—some of whom may be in very vulnerable positions—to that possibility, to ensure that they do not give out personal information in response to those sorts of request?
My hon. Friend raises a perfectly good point. I said in my statement that people should be very wary if they receive unexpected phone calls or e-mails asking them for personal information. As I think we are all aware, that can happen anyway, but that is especially the case at present. Revenue and Customs is writing to all recipients of child benefit to explain what has happened, to set out what people need to do and to assure them that they will get their child benefit payments in the normal way. The letter says that if people do receive any unusual requests, they should decline to give the information until they are absolutely sure that the request is coming from the right place.
This was a catastrophic loss of security and a fundamental breach of trust—so much so that Paul Gray resigned, which is honourable. I am concerned that the error made in March was fundamentally allowed to be replicated in October. I am concerned that the lost data, sent on 18 October, were not reported to the police until 14 November. However, I am most concerned about the system failure, including as regards the implementation of guidelines, which allowed a junior official to copy the entire child benefit database on to a disc and post it, unregistered, to anyone. The Chancellor said that he will work with the Treasury Committee—I have spoken to its Chair—and I hope that when he does he will raise the matter of process quickly, particularly the process whereby procedures are put in place to ensure that there is ministerial oversight and sign-off of all security matters—
Order. I call the Chancellor.
The procedures were there. I am not saying that they cannot be improved; indeed, I am sure that they can be improved. As I understand it, the problem was that the people concerned did not follow the procedures. That is why we have the problems that we do. The senior management of HMRC are making sure that there are very clear instructions and that tighter procedures are in place. The reason that I asked Kieran Poynter to carry out his investigation and to provide me with an interim report next month is that improvements are necessary; that is beyond doubt, and I entirely agree with the premise underlying the hon. Gentleman’s question.
I, too, commend the Chancellor for his prompt and candid statement. I echo the sentiments of my hon. Friends the Members for High Peak (Tom Levitt) and for Warrington, North (Helen Jones) about the responsible way in which he allowed the banking sector time to prepare. May I ask my right hon. Friend, before the press do, who is bearing the cost of flagging the accounts and analysing transactions within the industry?
The banks have put in place those procedures; they have them. There have been data losses from time to time, so that is something that they are concerned with at the moment. We will continue to discuss with the banks what is necessary to safeguard people’s interests in future.
What other organisations or agencies connected with central or local government are in receipt of, or have access to, any personal tax or benefit data held by Revenue and Customs?
All tax records will be the responsibility of HMRC, but there are procedures that lay down access to, or exchange of, information. That is governed by primary legislation in many cases, and by the Data Protection Act 1998, which has clear instructions on what can and cannot be done. There are also internal procedures. The inquiries that I announced today will look at those things. We need to make sure, first, that they are adequate to the task, and secondly—and equally important—that procedures are followed to the letter.
It is clear that my right hon. Friend has struck a good balance between giving banks, building societies and the police time to do their work and informing the House. I welcome the appointment of Kieran Poynter to look into HMRC’s processes. What is being done to ensure that our constituents’ details are kept safe until the report is presented?
First, as I have said on a number of occasions this afternoon, there is no evidence that the information has fallen into the wrong hands, and the searches for it will continue. I set out the procedure and processes that have been followed by the banks in relation to flagging accounts. I have also said that Revenue and Customs has put in place a very tight regime that will prevent information from being downloaded or transmitted without its being signed off at a very senior level. I hope that both those measures will provide some reassurance in what is clearly a very difficult situation.
Another day, another incompetence. If the Chancellor knew on 10 November, can he tell the House on which date he alerted the banks, and why he dithered for four days before calling in the police?
I am not sure whether the hon. Gentleman was present during my statement. I said that on 10 November, when I was told about the matter, I immediately asked that there be a thorough search. That search was carried out by trained Customs officials who are used to looking for missing items. I was told on the Monday that people were optimistic that we would be able to find the package, but by Wednesday it was clear that that would not happen. That is when the Metropolitan police were called in. At the same time—this is an important matter—I was acutely conscious that we had to give banks time to put in place sensible precautions before it became public knowledge that the information was out there. The banks said that they needed time to put in place proper defences and it would have been wrong of me to ignore that advice.
I also said in my statement that I discussed the matter with the Information Commissioner, who was clear about two things—that the information had to be made public, but only after we had had an opportunity to talk to the banks and put in place such protective measures as were appropriate and could be put in place. I believe that I struck the right balance between a duty to tell the House what had happened, and a general duty to protect the public interest as much as I possibly could.
I welcome my right hon. Friend’s statement about a matter which is a serious breach of the Data Protection Act. May I press him on the role of the National Audit Office? What I would like to see come out of the inquiry is the nature of the information that it requested, whether that request was compliant with the Freedom of Information Act and the Data Protection Act, and at what level the decisions were taken. There is always a responsibility on the people requesting information to be sure that they are legally entitled to have the information that they have asked for.
That is something that we need to establish. As I said in reply to a question from the Chairman of the Public Accounts Committee, the hon. Member for Gainsborough (Mr. Leigh), we need to establish who was involved at the NAO and HMRC, at what level, what they were asked for and how that request was responded to. One of the things that Sir John Bourn wants to examine is the nature of information that is asked for in future, as well as the handling of those requests and of the information if it is to be made available. It is entirely sensible that we should do that.
It is appropriate that the Prime Minister should be present, because the whole tax credit system is a product of his over-fertile brain. We have long known through constituency experience that the situation is irredeemably complicated, but the present circumstances have shown us that it is also unduly intrusive. Will the Chancellor of the Exchequer undertake to look at the system again from first principles?
The matter does not concern the child tax credit. It concerns child benefit, which is a different benefit. I should have thought that the hon. Gentleman knew that.
rose—