We now come to the debate on the first Opposition motion. I inform the House that in both debates I have selected the amendment in the name of the Prime Minister.
I beg to move,
That this House is deeply concerned at the Government’s failure to protect the personal details of 25 million citizens; believes this security breach is due to systemic failures at HM Revenue and Customs; notes the inconsistencies between the version of events set out by the Chancellor of the Exchequer in his statement of 20th November and that revealed by the Government emails released by the National Audit Office on 22nd November; and calls on the Chancellor of the Exchequer to provide a comprehensive explanation about how the security breach occurred, why previous warnings about data security were ignored and what policy changes will be introduced to protect the public in future.
Eight days ago the Chancellor had to come to the House and tell us that the Government had failed in their first duty to protect the public. He had to tell us of the incompetence in his Department that had led to the personal details of every child in the country being lost and the bank account numbers of every family in the country going missing. He said at the very end of his statement that he would
“of course, keep the House updated of any further developments.”—[Official Report, 20 November 2007; Vol. 467, c. 1104.]
In the eight days since then, the Chancellor’s version of events has been contradicted by the internal e-mails published by the National Audit Office. We have discovered that, contrary to what he said, senior officials in HM Revenue and Customs were involved in the key decisions. Further evidence has emerged of systemic failure in the Chancellor’s Department, and still there is no sign of the missing data. Yet, instead of keeping the House updated on these developments, the Chancellor has on two occasions since then avoided coming to the Chamber to make a statement. That is why this debate is necessary. It allows us to hold one of the most senior members of the Government accountable for one of the most catastrophic mistakes made by the Government.
The first thing that we should be told today is whether the Chancellor is any closer to finding out where those missing discs are. He has ordered that a letter be sent out to about 7 million people, telling them that their family details and bank account numbers are
“likely to still be on government property”.
How on earth does he know that? We all hope that it is true, but I am not aware of any positive evidence to support the statement that was sent to 7 million people. Perhaps the Chancellor can provide it today. I am willing to listen to that evidence. He can intervene on me at any point, or wait until his own speech. At the moment, we have evidence that the Government are searching the premises of external businesses such as TNT, so I would like to know how he can tell people that the discs are likely to still be on Government property.
We have also discovered that in trying to reassure people, the Treasury appears to have compounded its mistake by sending to some members of the public letters that include the personal details and national insurance numbers of other people. Those are the apology letters. The Financial Secretary shakes her head. She is obviously not aware of what is going on in the country. Let me read a couple of examples that have been brought to my attention. First, a member of the public states:
“I have just had an apology letter {dated 21 November, 07} from Dave Hartnett {Acting Chairman} of HM Revenue & Customs apologising about the error of losing my personal child benefits data, including my bank account…which I was expecting. However, it’s ironic…I’ve also received 7 other apology letters that should have been sent to other members of the public in the same predicament! I’ve got all their National Insurance Numbers, their Child Benefit Ref. Number, Name and address. It really is…an absolutely awful mistake when they are trying to reinstill confidence.
I have of course reported this to the HM Revenue & Customs helpline…I spoke to a gentleman… He made me aware I was not in the minority…this had happened to a number of individuals and asked me to relay the National Insurance No’s”.
My hon. Friend the Member for Banbury (Tony Baldry) brought to my attention another case involving a constituent of his who has just been sent a letter of apology that includes the names and national insurance numbers of someone other than them. The error is being compounded as we speak by the release of such letters. Perhaps the Chancellor could tell us a little more about that when he replies.
Will the hon. Gentleman give way?
Of course. Perhaps the hon. Gentleman has received such a complaint from a constituent of his.
I am interested that the hon. Gentleman has moved from 500,000 records to single records. If he feels that the issue is important, as he seems to, is he not concerned that 90 per cent. of Conservative Back Benchers are not present, and that those who are present are mostly talking to each other rather than listening to him?
I am talking about 25 million people whose information has been lost. I suppose we have the worst 10 per cent. of the Labour party on the Government Benches.
Perhaps the Chancellor can explain what he has been doing in the past eight days to keep us up to date with the search for the missing discs. The second thing that he must do today is account to the House for not telling the British public the whole truth about how their personal details came to be lost.
When the Chancellor spoke to us last week, he wanted us to believe that it was all the fault of what he said in his statement was
“a junior official in HMRC”.
He repeated that when he referred to someone “at a junior level”. In reply to the hon. Member for Coventry, North-West (Mr. Robinson)—the paymaster general to the Brownites in more ways than one—the Chancellor said:
“It cannot be left to someone at a junior level in the organisation to decide whether information, especially information of this nature, should be downloaded”.—[Official Report, 20 November 2007; Vol. 467, c. 1101-1114.]
Let me put this in terms which I think are acceptable to you, Mr. Speaker. We now know that what the Chancellor told the House was not close to an accurate statement of what actually happened. We now know that it was not left to someone at a junior level in the organisation to make that decision. Thanks to the e-mails released two days later—they were released not by the Treasury, by the way, but by the National Audit Office; we still have not heard anything from the Treasury—we have discovered that senior officials at HMRC were involved in the decision.
Everyone has seen those e-mails. It was a senior business manager who replied to the first request from the NAO for the information on 13 March. It was that senior business manager who rejected the NAO’s request that the address and bank account details be removed, on the grounds that it would cost too much money—not something that the Chancellor has ever told us. The child benefit process manager, the senior official in charge of the entire child benefit system, as I understand it, was copied into those e-mails and was aware of the discussion about whether to send the information.
Those are not junior officials or lowly clerks—96 per cent. of the staff of the Revenue and Customs are on more junior grades than the most junior civil servants involved in this decision. Why did not the Chancellor tell the whole truth? The political editor of the BBC reported:
“I am told that when he spoke to the Commons the Chancellor had not seen the e-mails and had not been told of the potential involvement of a senior official.”
That is what the political editor of the BBC said, reporting the conversations that he had with the Chancellor of the Exchequer, I guess, or with the Chancellor’s special advisers or whoever he talks to in the Department.
Is that report true? Can the Chancellor tell us now that when he spoke to Parliament, he had not been told of the potential involvement of a senior official? Are we to believe that the Chancellor has so little grip in his Department that when he spoke to Parliament, he did not know that his own senior officials had been copied into and involved in those decisions? Are we to believe that in the 10 days that he had to prepare for that statement, he did not ask to see the internal correspondence that was published just a couple of days later? Or did he want us all to believe that it was all down to some lowly official and that no Government of any colour could prevent such a thing from happening? Ignorance or deceit—neither is much of a defence for a man who holds the highest office in the land.
The involvement of senior officials is—
Order. I have called before, on another occasion, for temperate language. I ask the hon. Gentleman to withdraw the word “deceit”—[Interruption.] Order. There is only one referee in the Chamber.
Let us be generous, then, and just call it ignorance.
Withdraw!
Order. That is fair. That is a withdrawal.
Thank you, Mr. Speaker. The involvement of senior officials is not the only inconsistency between what the Chancellor said to the House and what now appears to be the case. He told us that the reason that he had delayed telling the public and Parliament about the loss of personal data was—I quote from his statement—that
“the banks were adamant that they wanted as much time as possible to prepare”.
He said:
“Some small institutions asked for a couple of weeks”.—[Official Report, 20 November 2007; Vol. 467, c. 1102-1110]
The British Bankers Association issued a press release the moment he sat down saying that it
“must correct the statements made by the Chancellor of the Exchequer in his address to the House of Commons today that any bank asked for any extension to the delay in announcing the security breach by HMRC…At no point did the banks request a period of weeks, as the Chancellor stated”.
Who is telling the truth? Is it the banking system or the Chancellor? Is it the e-mails from the NAO or the Chancellor? I guess that the public will decide.
The public will also decide on the third issue that needs addressing today: HMRC’s systemic failure to look after people’s personal information over a number of years. The Prime Minister went to great lengths to deny that failure when he was questioned by my right hon. Friend the Leader of the Opposition at Prime Minister’s questions last week—and we know why. The Prime Minister presided over this department and its predecessors for longer than anyone in the past 100 years, so he knows that if there is evidence of systemic failure, the blame lies with him.
The evidence is compelling. In September 2005, an unencrypted CD-ROM containing the bank details of taxpayers went missing. What did the Treasury say at the time? It said:
“This is a one-off incident…we are urgently reviewing our procedures to make sure this type of incident does not happen again”.
Of course it did happen again. In May, the details of 42,000 families who are claiming tax credits were sent to the wrong people. The Treasury then said
“we have robust procedures in place to protect information provided by”
the public. But of course they did not, because earlier this month the national insurance details of a further 15,000 people were lost on a CD-ROM. The Government then said:
“we have reviewed our arrangements and introduced safeguards to prevent this happening again”.
I am grateful to my hon. Friend the Member for Banbury for bringing to my attention the case of Mr. Leaver, a constituent of his from Bicester. In July, Her Majesty’s inspector of taxes sent two letters apparently intended for Buckinghamshire county council to his home address in Bicester. They contained the names and national insurance numbers of all the employees who had recently left that council. Mr. Leaver phoned Her Majesty’s inspector of taxes and was told, “We are very grateful for your telling us this. We will correct the error.” He has subsequently received five more letters. My hon. Friend raised this with HMRC, which confirmed that that was the case, and having looked into the matter, it said:
“We did indeed hold an incorrect address for Buckinghamshire County Council.”
In Oxfordshire, as my hon. Friend points out.
When the Chancellor orders yet another review and issues yet another promise that something will not happen, the public are not convinced. We want him to acknowledge what the head of the Institute of Chartered Accountants said last week: that the catastrophic loss of personal data was not a one-off, but
“an example of wider operational and managerial malaise within HMRC”.
The institute has said that this has gone on for most of 2007. Its head said that
“there is a deterioration in service standards at HMRC. It manifests itself in things like postbags being unopened for weeks.”
Will the hon. Gentleman guarantee to the House that if he were to achieve the high office to which he aspires, there will be no loss of personal data under his watch?
What I can guarantee is that if I saw evidence of systemic failure in a department for which I was responsible to this House, I would look into that systemic failure and seek to correct it. There is no evidence that either this Chancellor or the previous one did that at all.
Will the hon. Gentleman give way?
I shall give way to the hon. Gentleman because his question to the Chancellor last week again implied that this was all about the lowly official sitting at a computer. Presumably he was as astonished as I was to find that senior officials were involved in this decision.
The hon. Gentleman perhaps misheard or misunderstood the question put by my hon. Friend the Member for Houghton and Washington, East (Mr. Kemp). Given how smug and sanctimonious the hon. Gentleman is being, surely he could give a 100 per cent. guarantee that not one iota of data will be lost under any future Conservative Government in any circumstances. Will he give us a guarantee please?
First, I guarantee that I and anyone who serves in a Conservative Government will examine evidence of systemic failure. I think that I am pretty safe in guaranteeing that if I were Chancellor of the Exchequer, we would not lose the personal details of half the people in the country.
Is not the hon. Gentleman making a bold pledge? Would it not be more gracious for him to examine the records of previous Governments, including those of his party, and check how many times data have been lost by them, and to review the pledge that he has just been making?
I do not think that the hon. Lady can seriously point to an incident where any previous Government, Conservative or Labour, managed to lose 25 million people’s names, addresses and national insurance numbers. This Government managed to lose the name, address and date of birth of every child in the country. As far back as 2002, the Prime Minister’s performance and innovation unit talked about
“the lack of public trust in the way that the public sector handles personal information and the security of that information”.
Yet that warning and subsequent ones by the Information Commissioner and Select Committees of this House and the House of Lords have been ignored.
The Chancellor will no doubt tell us about the fact that the chairman of PricewaterhouseCoopers has been asked to conduct yet another review of HMRC’s security procedures. Will he confirm that we are still awaiting the results of the previous one? Does he remember something called the Crosby review? It was set up last year to explain how HMRC’s tax credits system had been defrauded of £1.7 billion. Parliament was promised the report this summer, and I know that Labour Members were eagerly awaiting its arrival so that they could read it during their summer break. The Chief Secretary to the Treasury disappointed us, saying that it would arrive later in the summer, but we are now approaching December and there is still no sign of it.
We have been told that plans are afoot in the Treasury—perhaps the Chancellor will confirm this—[Interruption.] The answers come scurrying from the Government officials; at least this message did not get lost in the post. We have been told that plans are afoot in the Treasury to merge different HMRC databases into one single super database starting in April next year. Will the Chancellor confirm that, starting in April, everyone’s tax records will be merged with everyone’s benefit records? How can anyone be sure that such a super database containing the details of every person in the country will be any safer than the databases that it replaces?
Has the time not come to consider whether HMRC should continue in its role as a benefits agency? I suspect that this issue might find sympathy with some Labour Members, because every MP knows that HMRC has proved itself incapable of administering tax credits effectively. It has now proved itself unable to administer child benefit competently. A tax-collecting department is not best suited to being a tax-spending department. This situation is a legacy of the previous Chancellor’s obsessive desire to carve out for himself an empire in Whitehall. Now that the emperor has been shown to have no clothes, that empire should be dismantled. The administration of benefits should return to the Department for Work and Pensions where it belongs.
Finally, the Chancellor must acknowledge the growing public concern about this Government’s insatiable appetite for holding more and more personal data on their citizens. In a rare display of independent thought, he once said:
“Identity cards are unnecessary and will create more difficulties than they will solve…I do not want my whole life reduced to a magnetic strip on a plastic card. Those who advocate ID cards should think long and hard before continuing to do so”.
Surely an incident such as the loss of half the country’s data would make him think long and hard.
Now is the time to scrap the flawed plans for ID cards and a national identity register. Given that the Government have shown themselves to be completely incapable of looking after the data they already hold on us, how can they possibly ask for any more? I know that the Government increasingly look like a Monty Python sketch, but should they not take a leaf out of Monty Python’s book and just say, “ID cards are no more. They have ceased to be. They are an ex-project”? The sooner the Government wake up to that fact and stop wasting our money on this doomed white elephant, the better.
The Government have failed in their first duty—to protect the public. The Chancellor has presided over a Department that has lost the personal details of every child in the country, yet instead of an anxious public being kept informed, we have to wait for the Opposition to call him to Parliament to explain what is going on and why the version of events that he gave us last week is contradicted by the published evidence from the National Audit Office.
Since he took office, this Chancellor has lurched from one disaster to another—from the bank run, to the disastrous pre-Budget report, to the capital gains tax plans that seemed to change week by week. But the biggest disaster of all is surely this loss of the country’s personal data. As someone once said, accident-prone Ministers are not accident-prone by accident. This Chancellor will never regain a reputation for competence; let us see if he can cling on to a reputation for being honest about his mistakes.
I beg to move, To leave out from “House” to the end of the Question, and to add instead thereof:
“approves of the decisive action taken by the Government when it became aware of the data loss by HM Revenue and Customs, including the collaborative work undertaken in association with the UK Payments Association, the British Bankers Association and the Building Societies Association and through them individual banks, building societies and other financial institutions which enabled them to put in place appropriate safeguards and monitor any irregular activity; welcomes the decision of the Chancellor of the Exchequer to initiate an urgent investigation by the Metropolitan Police and his appointment of Mr Kieran Poynter to conduct an independent review of HM Revenue and Customs’ data handling procedures; acknowledges the steps which have already been taken to improve the department’s data transfer processes; and notes the Chancellor’s assurance that he will keep the House fully informed of further developments.”
This is a very serious matter, and I am sorry that the shadow Chancellor has chosen to make it an occasion for political knockabout. [Interruption.] It is extremely serious when so many records go missing. There are no excuses for it, and yet again I reiterate not only my profound regret at what has happened but my apologies to the millions of people in this country who have been caused anxiety and distress. It is because I want to ensure that we not only find out exactly what happened but ensure that it never happens again that I appointed Kieran Poynter, the senior partner and chair of PricewaterhouseCoopers, to conduct an inquiry and report. I will come back to that shortly.
Will the Chancellor give way?
No, not just now.
It is absolutely essential that we deal with the facts and the evidence, and we will have an interim report containing those in three weeks’ time.
Before I deal with the points made by the hon. Member for Tatton (Mr. Osborne), let me update the House on the current position. The Metropolitan police inquiry is continuing, as are searches. As this is a continuing police inquiry I do not want to say anything further on that, but the police inform me that they still have no evidence or intelligence that these data have fallen into the wrong hands and no evidence of fraud or criminal activity. The majority of accounts into which child benefit payments are made are with a small number of banks. The banks have now been able to check back to 18 October, and there are no reports, so I am told, of any activity suggesting increased fraud attempts deriving from this incident. However, Revenue and Customs will continue to ask for updates from major banks and building societies at least once a day.
Revenue and Customs also made changes to security processes and procedures for bulk data transfers, and such transfers will now take place only if they are absolutely necessary, written authorisation has been provided by senior Customs managers, and clear instruction has been given regarding the appropriate standard of protection for transfer.
As I said, Kieran Poynter, the chairman and senior partner of PricewaterhouseCoopers has started his inquiry, and I shall return to that shortly. [Hon. Members: “Give way!”] I shall certainly give way to the hon. Member for New Forest, West (Mr. Swayne), unless he has lost interest in the subject.
Twenty-five million records of children’s names and addresses have disappeared. Given the amount of data that the Government are collecting, no doubt including whether the children have been bad or good, and that it is six weeks before Christmas, it is blindingly obvious who has taken them.
I think that members of the public would hope that the House and the hon. Gentleman take this matter seriously. I am very sorry that he has chosen to strike that attitude.
On what evidence does the Chancellor base his statement that he does not believe that the discs have left Government property?
The information that I have comes from the police and from Revenue and Customs. As I said, the inquiry is continuing. When it has concluded and I have the interim report from Kieran Poynter, which I have asked to have by 14 December, I will report to the House thereafter.
I want to make some progress.
Let me deal with three matters that the shadow Chancellor raised before I turn to what he said about my statement and his other points. First, I said in my statement last week that we informed the banks—through the Association for Payment Clearing Services, which acts for them—on the Friday that we had this problem and needed their help. Work was carried on over the weekend to uplift the accounts so that they could be monitored. On the Monday morning, when I was reaching a decision about when I would report to the House, I asked what the banks’ view was. A number of banks said that they wanted more time—
Which banks?
I am not prepared to say that without those banks’ consent, but their request was based on perfectly good operational requirements. Nobody is blaming the banks; they simply wanted the time to put in place the necessary protections. It was clear to me that, as I said last week, a balance had to be struck between my need to tell the House and the public and the need to ensure that the banks were properly prepared.
The hon. Gentleman made a suggestion about dismantling something. I am not sure whether he is calling for the dismantling of Revenue and Customs or wants to transfer the benefits element out of it. The issue here, unless Kieran Poynter’s inquiry points elsewhere, is not so much where the child benefit centre is located in terms of responsibility—of course, it was part of the Department for Work and Pensions and, before that, the Department of Social Security—as ensuring that there are robust procedures in relation to the handling of data and, crucially, that the procedures are followed to the last detail.
In relation to identity cards, yes, I did indeed say what the hon. Gentleman said. However, as somebody once said, when the facts change, I change my mind. What has changed over the past few years is that a great deal of information is held about each and every one of us by Government Departments, by the private sector, and by the health service. The whole point of ID cards is to strengthen security so that we can be confident that information that is held on us, whether in the public sector or the private sector, is not released to third parties without our consent. That is the merit that ID cards can bring, and that is why I have changed my mind. Frankly, a lot has happened in the past 10 or 15 years in terms of the sheer quantity of information held.
rose—
I give way to the right hon. Member for Wokingham (Mr. Redwood).
The Chancellor has already referred to one action that he has taken since this became news. What has he done in the past 18 days to change the systems in his Department?
I will come to that. I have already said that HMRC has changed its procedures for dealing with the bulk transfer of data. This is one of the reasons why I asked Kieran Poynter, coming as he does from a very large accountancy firm with a lot of experience in dealing with these sorts of problems, to make recommendations. As I said, it is important that we get the evidence and the facts so that we can learn from what has gone wrong and then proceed.
rose—
I will give way to the right hon. Member for Fylde (Mr. Jack), and then I am going to make some progress.
It is said that the request to remove the sensitive information from the lost discs was turned down on cost grounds. If that is correct, first, how much was the cost saving; and, secondly, how much will it cost to clear up the mess?
That, along with everything else, is part of the investigation being carried out by Kieran Poynter.
I want to deal specifically with the central argument made by the shadow Chancellor. In my statement to the House on 20 November, I set out the facts and circumstances known to me in relation to the missing personal data. That statement was accurate in every respect in accordance with the information that I had then and have today. I specifically said in my statement that the House would understand that because the investigation was continuing, I was not yet in a position to give a full account of what had happened. I did, as the House would expect, set out the information I had available, including that the discs appear to have been provided to the NAO by a junior official in both the March and the October incidents. But I said in the same statement that Revenue and Customs as a department had failed to meet the high standards that should be expected of it in discharging its responsibility to the general public, who entrust it with highly sensitive personal information. I also referred to other data security breaches. Far from it being a one-off, I referred to those other breaches by Revenue and Customs, including the loss of records by an external courier and the loss of a laptop and other material in the very recent past.
The Chancellor said, when he spoke to us last week, that it was down to a junior official in the HMRC. The e-mails that were then released by the National Audit Office and the covering letter from the assistant auditor-general to the acting head of HMRC say that the HMRC process-owner for child benefit—whom I think the Chancellor would agree is a senior official—was a copy recipient of the e-mail dated 13 March. Does he now accept that a senior official was copied into the decision-making process?
I am just coming to that, but before I leave that point, the hon. Gentleman made much of the fact—I think these were his words—that somehow it was implied that this was a one-off incident. I specifically said in my statement that there had been other data security breaches in the recent past, and I went on to say that I told the House that because of my concerns I had appointed Kieran Poynter to investigate Revenue and Customs security processes, and the procedures for data handling. As I said, I will have his interim report by 14 December, and I will report to the House thereafter before it rises for the Christmas recess.
Will the Chancellor give way?
Let me finish this point first.
It will be an interim report and there will be a full report in the spring. I made it clear in my statement last week that we need to establish what happened and how it came about that two discs containing highly sensitive and personal information were provided to the NAO by Revenue and Customs in October. In that context, it is important to look at Kieran Poynter’s published terms of reference because they make it very clear that I want a widespread investigation.
His terms of reference are: to establish the circumstances that led to the significant loss of confidential personal data on child benefit recipients, other recent losses of confidential data and the lessons to be learned in the light of those circumstances; to examine HMRC practices and procedures in the handling and transfer of confidential data on taxpayers and benefit and credit recipients; the processes for ensuring that such procedures are communicated to staff and the safeguards in place to ensure that they are adhered to; the reasons those failed to prevent the loss of confidential data; and whether those procedures and processes are sufficient to ensure the confidentiality of personal data.
rose—
Hold on.
The terms of reference are deliberately widely drawn to allow every aspect of this matter to be looked at and to ensure that the lessons are learned at every level in Revenue and Customs.
In view of what the Chancellor said about the importance that the Government attach to the security of data transfer, will he confirm to the House that the data included on the two CDs were not encrypted, as the HMRC’s press office statement said, which was reported on Newsnight last week?
I said last week that the data were password-protected, but not encrypted. Most people agree that the data ought to have been encrypted, but they were not.
Will my right hon. Friend take it from me that the shadow Chancellor has lost a golden opportunity today? Does he agree that what the country looks for, when serious matters such as those we are debating today are considered, is a calm and measured response that addresses the issues for the long term in the interests of the country, and seeks to put them right? Instead, we got personal, cheap remarks with cruel humour and not one iota of constructive suggestion from the Opposition.
I agree with my hon. Friend that, as I said at the start, this is a serious matter, which means that we need to deal with it properly and comprehensively.
rose—
I have been promising to give way to the hon. Member for Birmingham, Yardley (John Hemming) for some time.
Obviously, we recognise that one of the biggest problems in the release of the data was that they were not encrypted, but merely password-protected. Why, therefore, has the Department not said that while the review continues, any data discs should be sent out in an encrypted manner? Merely having a sign-off from a senior manager would not prevent exactly what has happened from happening again.
Part of the procedures that have been put in place, and which require the sign-off of a senior manager, ensures that if a large transfer of material were being made, encryption would be looked at. It may be that other things can be done—material might be taken under suitable security and so on. All those things will be looked at.
No, I will not give way again. The hon. Gentleman has made his point. It is a perfectly reasonable one, but it is one of the things that Kieran Poynter is looking at.
rose—
I will not give way just now.
We will have the interim report in three weeks’ time, and, as I said to the House last week, that will be alongside the police investigation, the independent police complaints investigation and the Information Commissioner’s inquiry. The NAO is also conducting its own investigation.
I want to deal with the shadow Chancellor’s allegation about whether a senior HMRC official was involved in the earlier incident in March. As I said to the House, there were two incidents—the October incident, which led to the loss of the material, and the March one, which equally should not have happened, but where the material was returned. The question was whether a senior HMRC official was involved in the decision to release information to the NAO in that earlier incident in March. The House will recall that the discs were returned safely, but when the e-mails the shadow Chancellor refers to were published, they were accompanied by a letter written by an assistant auditor-general at the NAO, and sent, as he said, to the acting chair of Revenue and Customs, dated 22 November.
I want to read a paragraph from the letter. I think the hon. Gentleman has it, but it is rather important in relation to the allegation he made. The assistant auditor-general says in her letter:
“We met this morning and agreed that the HMRC Process Owner”—
that is, the official in question—
“for Child Benefit was a copy recipient of an e-mail dated 13 March 2007. The e-mail was sent by a junior HMRC”
official.
“It refers to a reluctance to provide data in the filtered form the NAO had requested. We also agreed that our own NAO audit director was aware of the position, and that we have no evidence that the Process Owner for Child Benefit made the decision to release the data.”
The hon. Gentleman left that bit of the letter out.
Will the Chancellor give way?
Not just now.
The letter continues:
“The National Audit Office is not making an issue of any of this.”
There is no inconsistency between that and what I said last week.
Will the Chancellor give way?
In a moment.
There is no inconsistency between what I said in my statement last week and the information publicly available. Crucially, exactly what happened in the chain between the time that information was requested and the discs were handed over is to be investigated by Kieran Poynter and the National Audit Office, which is carrying out its own inquiry. They will examine the evidence, establish the facts and make recommendations.
The Chancellor did not accurately read that letter. He read the sentence, “The e-mail was sent out by a junior HMRC official”, which is what he told the House of Commons. The sentence actually says:
“The e-mail was sent by a junior HMRC manager”—
that is, management in the senior levels of the department. [Hon. Members: “A junior manager”] It was indeed a junior manager, but that still makes him a senior official. He makes the point—[Interruption.]
Order. These are extremely serious matters and all our constituents would expect us to deal with them seriously.
Indeed, 96 per cent. of people employed in the department are more junior than the person whom we are discussing. Perhaps the Chancellor could correct the record about the letter. Will he explain why someone, who is presumably close to him, told the BBC’s political editor that
“when he spoke to the Commons the Chancellor had not seen the e-mails and had not been told of the potential involvement of a senior official”?
The letter does say “junior HMRC manager”, but I note that the hon. Gentleman did not comment on the fact that it also states:
“We have no evidence that the process owner for child benefit”—
the senior manager whom we are discussing—
“made the decision to release the data.”
In other words, that evidence is not available to us.
The key point is that I have asked Kieran Poynter to examine all the evidence to establish what happened. As I said in my statement last week, I did not have all the information; I was able to make an interim report at that time, but further information was needed. It is precisely because of the need for full and further information that I have asked Mr. Poynter to report. When he reports by 14 December, I will return to the House and make an oral statement before the House rises for the Christmas recess.
The incident is serious. Again, I apologise unreservedly to the public. The Department has clearly failed in the high standards that the public rightly expect. That is why I asked for a thorough inquiry. The lessons need to be learned so that we make sure that it does not happen again.
I support the Opposition motion, although it is rather narrowly couched. The hon. Member for Tatton (Mr. Osborne) broadened it a little to refer to ID cards, but there are much broader questions than those posed by the motion. None the less, I agree with it.
We all accept that the starting point is the potential through the loss of the CDs for damage which has not yet been fully realised. Among those who come to me as a local Member of Parliament to express anxiety are people who are desperately worried that information about their identity and location will be leaked to their partners or former partners from whom they have separated. In some fraught relationships, identity is crucial, and all that information could now be lost.
We sincerely hope that the discs will not fall into the hands of the criminal fraternity. However, I understand that one identity on the black market is worth approximately £60. We are therefore considering a stock of criminal value of around £1.5 billion, which makes the Brinks Mat robbery the equivalent of stealing the church collection. An enormous amount remains at stake.
I shall tackle the broader questions, but I should like first to deal with the specific, basic question that the hon. Member for Ludlow (Mr. Dunne) and my hon. Friend the Member for Birmingham, Yardley (John Hemming), who is an encryption specialist, asked about why encryption has not routinely taken place. I understand that that was not a simple oversight and that almost all the data that have been lost and all those that have been shipped around in government are not encrypted. Encryption is simply not happening. What are the reasons for that? My understanding, from talking to some of the specialists involved, is that IT specialists, mostly freelancers, are needed to encrypt data. The big IT companies are not interested in using them and the civil servants who oversee them do not understand the problem, so encryption is not happening. Can the Poynter inquiry probe that further in relation not only to the Treasury but departments in general?
A second set of questions relates to transporting the discs. We now know, as a result of the information that has been released in the past few days, that not only the Standard Life discs and the two CDs went astray. Apparently, two more CDs that contained confidential information were lost in transit from Preston to Whitehall. Yesterday, I believe that discs that contained Scottish Government confidential information went astray in Scotland. Why is transport handled in such a way? In the years I spent in the diplomatic service we had something called the diplomatic bag, which may have been overrated but existed specifically to handle confidential data. Of course, transporting data across borders involves somewhat different considerations. None the less, there was a recognition that confidential data need to be handled confidentially and carefully, and that a dedicated institution was merited. Yet that concept appears to exist nowhere in government. I wonder whether the Poynter inquiry will argue that simply contracting out less stuff to courier companies is the best way in which to handle the information.
The hon. Gentleman has considered encryption and the procedures for transit. Is not a more fundamental point that someone in the department was able to copy the data, without a technical intervention from a senior manager?
The hon. Gentleman is right and access was my next point. I asked that question of the chairman of a leading plc, who thought that it was unbelievable that a junior employee in his company could have access to all the company’s commercial and technical secrets. He said that there would be an elaborate and difficult process to ensure that people going into the database and getting out again were properly screened. That appears to exist nowhere in government. Again, we need to establish why.
On what basis does the hon. Gentleman think that?
I am simply asking questions—[Interruption.]
Order. If hon. Members want to intervene, they must do so in the normal way, not from a sedentary position.
My question on the specifics of the leakage relates to why the information was transmitted through CDs. I am not a specialist, but I understand that super-computers nowadays transmit data electronically and instantaneously and that receipt can be confirmed instantaneously. Why is a rather antiquated system, in computer terms, employed for the major transmission of data? That is a simple, factual question about which the inquiry will doubtless enlighten us.
There are broader questions. Clearly, the Chancellor is responsible for his Department and his agency. It is proper that he responds to questions about that. However, every question that we ask the Chancellor could equally be posed to every other Secretary of State in Departments that have agencies handling data. Is the Chancellor aware of any other Departments that are involved in the same sort of transmission of data as that in which his Department is engaged? The same thing could clearly happen with the Department for Work and Pensions and with highly sensitive data in the Home Office and its agencies. Are the Government as a whole considering database management and security? Surely that is the crucial question.
I was contacted yesterday by a constituent, Mr. David Kauders, who told me that when trying to renew his car tax disc he found that he was inputting his credit card details into an insecure website. Does the hon. Gentleman agree that the Chancellor should look into that immediately and, if my constituent is found to be correct, warn people that their credit and debit cards are at risk?
I am not sufficiently informed of the structure of Government to know whether the Driver and Vehicle Licensing Agency comes under the Chancellor. However, clearly a Department should check that out.
The broader issue is how IT systems in Government—not only in HMRC and the Treasury—are managed. What role does security play in the objectives of massive IT programmes? Of course, many work perfectly well, but IT systems exist to provide convenience, cost reduction and security. How much is security weighted in the current management of the systems? The hon. Member for South Norfolk (Mr. Bacon) among others has persistently asked about the way in which Members of Parliament gain access to the Government’s evaluations of their IT programmes in HMRC and elsewhere. There is an issue about the so-called gateway reviews—the way in which IT programmes are judged and evaluated. My understanding is that we are not allowed access to them. The Public Accounts Committee, too, is not allowed access to them. Perhaps the Chancellor will confirm whether he, like his predecessor, is determined to go to court to block public or parliamentary access to the gateway review on HMRC. Is that the case?
Does the hon. Gentleman suggest that the resignation of the head of HMRC is not sufficient and that accountability for the problems rests with Ministers?
It does ultimately rest with Ministers, although I am not calling for the resignation of the Chancellor. We obviously need to find out a great deal more, but accountability indeed goes higher. The point that I made in response to the original statement was that in Departments such as the Home Office that principle has been accepted.
There is obviously culpability at ministerial level, and not only for incompetence. Does the hon. Gentleman have questions about the way in which the episode was eventually announced in the House and the so-called junior official was forced into flight, holed up in a hotel in secret and hung out to dry, just as the Government have hung other public officials out to dry when seeking to save themselves rather than the public interest?
I am not quite sure what else could have been done with that junior official to protect him from the media. I am not critical of how the Chancellor handled the issue in the House. It seems to have been dealt with promptly and properly, as far as it went, so that is not my line of criticism.
I should like to move on to the issue of cost cutting. The hon. Member for Tatton quite properly raised the particular e-mail in the batch that we received. Perhaps I should read out one sentence from the communication, to explain where the problem lies:
“I must stress we must make use of the data we hold and not over burden the business by asking them to run additional scans/filters that may incur a cost to the department”.
Obviously cost-consciousness is important, and I do not criticise civil servants for being conscious of cost. However, in this case—the right hon. Member for Fylde (Mr. Jack) put this question perfectly well—what is the cost of doing a basic test, with the stripping out of sensitive data? I gather from people in the profession that it probably costs a freelance consultant something in the order of £10,000 to do a job of that kind. Other estimates might be available, but that is in the context of budgets of £8.5 billion, which is the value of the Capgemini contract. Who is making an assessment of the costs and benefits of particular choices? Who is assessing proportionality?
That links in with the issue of staffing and staff cuts in the department. Again, I have no fundamental objections in principle to trying to raise the efficiency levels of HMRC and Departments. No public servant has a job for life. However, I have always been critical not so much of the principles behind the Gershon savings, but of how they operate through crude head-counts, which anyone who has worked in a large company will know are the most inefficient way of trying to increase efficiency. They often result in the wrong people being evicted, staff being demoralised and a lack of supervision. That has undoubtedly been a factor in the operation of HMRC and not only lies behind the tax credit fiasco, but probably plays a part in this situation.
The fundamental issue that I wish to raise—this relates to why I think the Opposition motion is too narrow—is the danger, which has now been highlighted, of big centralised databases. The hon. Member for Tatton is right that one of the major lessons from this episode concerns the problems that could arise from the ID card system. However, the underlying issue is that we have big centralised data systems, with large numbers of people who have access to them, so any mistake is compounded on a large scale. Quite apart from whether we get to the ID cards system, there are big Government central databases about which important questions now need to be asked.
For example, there is a new child protection database system called ContactPoint, which was created in the wake of the Climbié inquiry. As I understand it—I stand to be corrected—in the order of 300,000 professionals could have access to that database. It is difficult not to imagine that at least a few of them might have some malign intention. The problem lies in the sheer scale of the database to which they have access, however well managed it is and however good the protocols.
The hon. Gentleman is making a serious speech, to which we are all listening attentively. Does he not agree that the key issue for IT access is which data fields can be accessed, rather than whether they are grouped in one or several databases? In the case of the child database to which he has referred, the key question is how many people can access the address or contact details of a child, rather than whether a certain number of people can access the database at all.
The hon. Gentleman has an advantage over me, given his technical knowledge. However, my hon. Friend the Member for Birmingham, Yardley, who I suspect has even more technical knowledge, has suggested that the fundamental problem is not the number of fields but the number of records and the sheer scale of the databases.
That issue arises not only in relation to ContactPoint. There is also the looming issue of the NHS spine, containing highly sensitive medical data to which well over 300,000 people will have access. I am told that some journalists are willing to pay £10,000 or something of that order for access to the medical records of a celebrity. The temptation for somebody to use and abuse the database in that way is obvious. Although there are disadvantages to a fragmented system in which GPs have their own records on paper, it is significantly better for security.
I am grateful to the hon. Gentleman for giving way, because I wanted to raise similar issues in my speech, which can now be shortened. Is not the problem that whatever system we introduce and however perfect we try to make it any system can be made open to abuse by people who want to get information to which they should not be allowed access?
The hon. Lady is absolutely right. However, although it is easy to be wise after the event, my point is that one of the lessons that we should learn from this episode is that big is not necessarily beautiful and that there is advantage in a small scale. That may well result in reduced efficiency, but when we are concerned about massive data loss and security, there is an argument for smallness. We should start to adopt that approach for some sensitive database systems.
Does my hon. Friend also agree that there is an issue with responsibility for error? I recently became aware of a Child Support Agency case, where the contact details of an individual were wrong, which was causing problems in processing payments. However, the Child Support Agency said that since it was not the only organisation that could have changed those details, it could not be deemed responsible for the problem.
Indeed. It is a question not just of the size of databases but of the whole system and the interconnection between them, with the risks multiplying many times over.
My next point relates to what this sorry episode suggests to us about data protection legislation. The subject arouses great annoyance in many quarters, and I believe that the Conservatives have suggested that they will repeal the data protection legislation. There is an appalling contrast between how individuals encounter the workings of the Data Protection Act 1998, which are about form filling and obstruction, and what members of the public see in the conduct of government, which is inefficiency and leakage. That lack of balance and accountability is at the heart of a great deal of disillusionment. In the light of that, I wonder whether we should return to the 1998 Act and introduce some new principles, one of which is that individuals should have access to the data that the Government hold on them and the right to correct that data.
Another principle that stems directly from the current affair is that where data managers have committed serious errors or been negligent they should be open to some penalty. Apparently no penalty currently exists. It might have been a bit of a joke that the Metropolitan police were fined several hundred thousand pounds for the shooting of de Menezes, but the data managers in HMRC face no penalties whatever under existing legislation. Surely that should be addressed.
The inappropriateness of the contrast between what has happened in this case and ID card legislation is that there are penalties in the Identity Cards Act 2006 for unlawful access to the ID cards database. Perhaps we should consider a specific penalty for unlawful access to Government data across the piece, measured on a data-by-data basis.
That seems a sensible suggestion on the assumption that that actually happens.
My final point is that although the purpose of today’s Opposition day motion is to hold the Chancellor to account on matters relating to a serious breach of privacy and data, it highlights the fact that we have no regular mechanism of doing so in the House. One of the purposes of reforming the 1998 Act could be to ensure that we have a proper ongoing Select Committee system concerning privacy and data, perhaps involving both Houses of Parliament, so that it is not necessary to have these occasional and highly politicised attempts to deal with issues that should be dealt with in the House systematically.
Thank you for calling me so early in the debate, Mr. Deputy Speaker. I apologise to the House for having other business that will call me away, but I shall endeavour to return as quickly as possible, as this is an important debate and I want to be a part of as much of it as I can. I want to distil the important issues on which we need to focus from among those that the Opposition are tempted to dwell on and have fun with, which simply create hot air and bring little more to the debate than a few headlines and some enjoyment for those who like to see people squirm.
When people make mistakes, the first thing that they should do is to apologise. I congratulate my right hon. Friend the Chancellor on doing that immediately; it was the right thing to do. When we make mistakes, we should also do our best to put things right. In order to do that, we need to know what went wrong. My right hon. Friend is right to say that, when there has been a catalogue of mistakes—we cannot pretend that that is not the case—we need to know what lies behind it.
Holding the inquiry is exactly the right thing to do. To say that we had some data first in one place and then in another, and that we do not know exactly where some discs are, and to pretend that we know what happened during that series of events and not to hold an inquiry would be quite ludicrous. I congratulate my right hon. Friend on immediately instigating the inquiry. It was the right thing to do.
We need to look to our laurels and find out what went wrong. We also need to determine whose responsibility it was. This certainly cannot be laid at the door of junior officials. I always think that it is quite wrong for politicians ever to lay the blame at the door of officials.
I wonder whether that is a subtle chastisement of the Prime Minister and the Chancellor of the Exchequer, both of whom explicitly used the term “junior official”, which would have been entirely unnecessary if they were not trying to suggest where the responsibility lay.
Absolutely not at all. That is a gross misunderstanding of what was being said. If someone has taken an action, as that junior official clearly did, it is one thing to understand that action, but to blame that person for it is quite another—
He is in hiding.
The hon. Gentleman needs to wait for the inquiry. Why did that junior official take that action when, in the light of the procedures that should have been followed, it clearly should not have been taken?
The hon. Gentleman must calm down, stay in his seat and think about what I am trying to say. There is a set of procedures; why were they not followed? If there are pressures in the department, why did that person not follow the procedures? Which level of senior managers did not ensure that those procedures were properly followed? What breakdown took place that resulted in those procedures not being followed—if, indeed, that is the case? In future, what new, easier-to-follow procedures shall we need to put in place to ensure that this kind of thing cannot happen again?
Does my hon. Friend agree that the loss of data should not reflect on the vast majority of staff who work at Waterside Park and who do a good job? Many MPs here will struggle to remember the last time that they had a complaint about the delivery of child benefit; it is an efficient benefit that has delivered to millions of families and helped to alleviate child poverty in this nation.
My hon. Friend brings me to my next point. As a former civil servant, and as a former member of the CPSA union who represented members of the department that he has mentioned, I can tell the House that they are grand people. To suggest that they could be in any way accountable for this mistake would be wrong. The Government have made decisions to increase the level of child benefit and to ensure that people rightly get the money that they deserve, but many of them would not get it on time without those people who live and work in my hon. Friend’s constituency making sure that that can happen. It is right to acknowledge the work that they do—
Oh, he is at it again. I shall let him have a go.
There are so many questions that have not been answered by the Chancellor because there is going to be an inquiry, yet the Chancellor and the Prime Minister both managed to divulge one fact very early. It turned out—allegedly, and perhaps not entirely correctly—to have been a junior official who had released the data. May I suggest that that revelation was entirely unnecessary? The fact that that person has been hounded out and has been in hiding is a disgrace and a shame for the Government.
Oh dear, oh dear, oh dear. The hon. Gentleman really does need to stay in his place, stay calm and not get so excited. Would he rather that that person were flogged and hanged by hon. Members in the street—[Interruption.] Would he rather that that person were hounded by the press and not protected? I see this rather differently. I would rather that that person were kept away from the press so that they were not hounded every day, but the hon. Gentleman sees this rather differently. I see this as a way of protecting the person. The hon. Gentleman will have it his way; I will have it mine. It is better that we get to the facts, then look at what we need to do in the future. That is what the inquiry is about.
We have heard today that this matter has reached another stage. I anticipated that this would happen, but I regret that two other questions have, quite spuriously and wrongly, been thrown into the debate: what should we do about the department, and what should we do about ID cards? They are both wrong, but let us look at the matter. The department is the right way to go. I know that some of my hon. Friends might agree with the Opposition, but I disagree with them.
The way in which the system has been set up ensures that people who need tax credits can have them, and it is thanks to the constituents of my hon. Friend the Member for Houghton and Washington, East (Mr. Kemp) that most people have now got the benefits that they deserve. It would be wrong to jiggery-poker about with a new department yet again. It would still have the same computer system, and it would still have the same employees. To pretend that it would be a completely different system would be to do a disservice to the public, and it would be wrong to try to reinvent the wheel. That is what Opposition Members want to do, but it would be a mistake and a diversion. It would be misleading, and it is not the right thing to focus on.
The Opposition’s suggestions about ID cards would result in our throwing the baby out with the bathwater. ID cards are a separate issue. Everyone always forgets that our biometrics stay with us continually. We would not have to carry cards; that is a separate issue. We cannot leave home without our biometrics; they are with us always. To say that, because of this one mistake—[Interruption.] It is a huge mistake; I do not take issue with that fact. But however big it is, and wherever those discs are, my biometrics are with me now, and no one can take them off me. Wherever I go, they are with me. I could go into a bank and put my fingerprint down, but it would not be on that database because it would be separate from my biographical details.
The hon. Lady is making a valiant case, but she seems to be suggesting that any transaction that she wishes to carry out will require her to be scanned and checked against a central repository. I am sure that that contradicts the answer that we got from a Minister some time ago. From memory, I think that we were told that it would be up to each organisation to determine how the system was used. Is the hon. Lady really suggesting that every single transaction would be checked against a central repository?
I obviously did not say that, but Opposition Members have been implying that this mistake means the end of ID cards. I was simply suggesting that an added protection for us, in having an ID register, is the fact that it contains our biometrics. It is there in the proposed legislation that, if organisations want to use our biometrics, that additional safeguard is there for us. I think that it is an additional safeguard that many people would want to have.
My hon. Friend is doing an excellent job of making the case that the Opposition have mis-juxtaposed the issue of ID cards with this issue. If we had ID cards, with the security that she is describing, the concerns about the loss of data would be nowhere near the same. Ordinary members of the public would know, for example, that if their bank had implemented that level of security using a biometric, the loss of basic data would not put them at the risk that they are now concerned about.
My hon. Friend makes the case even better than I could. That is precisely my point and Opposition Members do a disservice by trying to link the two, which is a mistake. Clearly, losing the discs was a mistake, but people need not be concerned that their loss could have led to a connection being established between their bank accounts and ID cards—if those cards were in place. The two need not be linked, so it is a mistake to talk about the death of ID cards. I certainly continue to support them and I know that my constituents also continue to support the ID card concept. As I say, it is a mistake to think that this issue means the end of them. I also think that it is a mistake to continue to parrot the idea that our data is out there in the country. I still believe that by the end of the inquiry we will have discovered that the data is safely stored somewhere in the system. I certainly hope so. Let us wait until the end of the inquiry before we start speculating about what has really happened.
I think everyone in the House agrees that if confidential data about 25 million cases go missing, it amounts to a very serious event and it is absolutely right for my Front-Bench colleagues regularly to draw the Government to account for the system failure that led to it. I also strongly agree with the hon. Member for Twickenham (Dr. Cable) that this is not just a debate about a serious problem that emerged when the data went missing, as it should also be about something much more deep seated that has been revealed by the event—namely, what I regard as the lack of seriousness of the Government’s response to it.
It is quite telling that so much of the debate and so much of the Government’s response has been a virtually technical discussion about whether the data was encrypted, whether the CDs were password protected, whether they are still on Government premises, whether the banks delayed and other issues of process. There has been what I regard as depressingly little focus on the huge issue of principle that underlies the whole debate.
We should all recognise that the information held about each one of us by Her Majesty’s Revenue and Customs is immensely sensitive and should be regarded by it as having the highest degree of security. That was true in the days before information technology and before it became relatively easy for that information to be passed around the system. The whole structure of data protection that has developed since information has been typically handled through IT has merely reinforced a commitment to privacy, which has always been part of the tradition on the Inland Revenue side of HMRC and should be absolutely in the DNA of a tax-gathering organisation. It has always been part of the proud culture of our tax-gathering institutions that we cannot read in this country’s newspapers information about the tax affairs of private citizens, which happens more regularly elsewhere. My biggest concern as a result of this event is the sense that that proud tradition of security in the tax-gathering organisations is being put at risk. Why is it being put at risk? I think that it is because at exactly the same time as the risk of this material being easily disseminated as a result of the development of modern IT, there is less and less respect for this country’s traditional defences surrounding the principle of privacy. Let me enlarge a little on that point.
We are talking about data held by HMRC, to which the National Audit Office wanted access in order to do its job of ensuring a proper audit trail and proper control on the use of Government money. Nobody would disagree with that. What we have not heard in this public debate is any evidence that anyone has asked this question: the NAO wanted this information, so what information should have been provided to it? There has been a debate about whether it should have gone on CDs or should have been encrypted, but not about whether the information should have been provided to the NAO at all and, if so, which level of information. There was a discussion and a decision was taken—we believe, but we do not know—by a relatively junior official or junior manager. Let us not enter that debate, but a decision was taken at a relatively junior level that information should be provided by HMRC to the NAO in a more generous form than the NAO was asking for and purely on cost grounds. Nowhere in the debate can be seen what I would have hoped for—a sense within HMRC that this is highly confidential information, protected by law and in respect of which HMRC has the role of trustee on behalf of the taxpayer or benefit recipient, which should not be provided to anyone else, including the NAO, unless very clear reason is given within statute.
On that point, does the right hon. Gentleman agree that one alternative would have been for HMRC to say that it would not send a copy of its database to the NAO, but it would allow its experts and auditors to come to HMRC in order to audit the information?
I agree with the hon. Gentleman that if—it is a very big if—there were good reason for the NAO to see the information, the obvious way to do it would have been for the NAO to get on the train and travel to see it in the place where it was kept. If I may say so, that still omits what I consider to be the key issue at stake here, which is whether the NAO needed to see the information in the form provided. Since the NAO itself did not even ask for the information in the form provided, it amounts to a catastrophic failure not of system, but of culture, within the tax-gathering organisations. That is the theme that I want to focus on.
“This will save us £5,000, £10,000 or £20,000, so we will send them a disc because it is convenient”. No, sir. This is information in respect of which HMRC is trustee, so it should have a deep-seated culture in the very DNA of the organisation—particularly in the days of modern IT—that such information is its own for its own purpose and should not be made available to anyone else, including the NAO. The NAO, of course, has a job to do and must be able to do it, but that poses a question: how much information does it need and can it be provided in anonymised form or in a form capable of protecting the privacy of the individual? Yet none of those questions appeared even to have occurred to people in HMRC, much less properly considered, as they should have been, at a senior level within the organisation.
The failure revealed by those events is not a failure in respect of who has got the password or the technical defences of the information; it is a failure of culture at the very heart of government. What concerns me most is that the responsible Ministers do not appear to have recognised that this is not a failure of authority levels and technical trip words; they have not seen that it is a failure of culture, which goes much more to the heart of government. It is exactly the same issue highlighted during the inquiry into how we got drawn into the situation in Iraq, when the sofa style of government came in for so much criticism. It is the train of thought at the heart of the government that sees process as a bore and believes that men of good will do not have to go through legal processes or have a proper audit trail because we can somehow find our way quickly to the right solution because we are doing it all for the best of all possible motives. Once again, no, sir.
We fought a civil war to establish the principle that we live in a society based on law, and that—most important of all—within that society based on law, law binds Government. What I see in this whole sorry story is yet another illustration of the fact that the Government do not have a proper understanding of the importance of the principle that a society of laws must start at the top, and the culture at the top of government must respect the fact that it is bound by law and must act only within it.
When someone from the National Audit Office asked for this information, the instinct should not have been to say “As we are all working for the same Government, let us be helpful.” The instinct should have been first to say “No, you cannot have it”, and secondly to say “Why do you want it?”—not in order to be difficult or to obstruct, but because that is how people behave when they live in a society based on law and not on discretion.
What a pleasure it is to follow a rather unfortunate speech, if I may say so, from the right hon. Member for Charnwood (Mr. Dorrell). I say “unfortunate” because although it was an extremely good speech that touched on some key issues, it was the sort of speech that should have been delivered by someone on the right hon. Gentleman’s Front Bench, and it rather showed up the threadbare nature of his Front Bench by looking at the bigger picture.
The debate arises
“as a result of this extremely serious failure on the part of HMRC to protect sensitive personal data entrusted to it in breach of its own guidelines.”—[Official Report, 20 November 2007; Vol. 467, c. 1102.]
Those are the words used by my right hon. Friend the Chancellor in his statement last week, and I have to say, in a partisan way but trying to be dispassionate, that I rather prefer his approach to that of his opposite number the shadow Chancellor. I thought that the Chancellor spoke in a rather measured, considered, calm way, whereas the hon. Member for Tatton (Mr. Osborne) did not do himself justice. He tended far too much towards the bluster and rhetoric end of the spectrum.
The hon. Gentleman and his colleagues were, rightly I think, attacked by the Chancellor for trying to score cheap political points. I, as a politician, do not have a problem with someone who is trying to score political points, and nor in my view should any politician; but trying to score cheap political points on the back of 25 million people’s records going missing is not helpful. Let me give an example of what I regard as a cheap political point made by the Opposition. Following at least two interventions from my hon. Friends, the hon. Member for Blaby (Mr. Robathan) repeatedly said from a sedentary position “Tory gain”. I consider that to be the sort of cheap political point that does not help the debate at all.
I much prefer the amendment tabled by my right hon. Friend the Prime Minister on behalf of the Government to the substantive motion tabled by the Opposition. While I think it important and helpful to have this debate—although I also think it is happening at a rather early stage in the unfolding of events—the amendment seems to me much more forward-looking and constructive than the Opposition motion, which strikes me as rather negative and, in fact, not at all constructive. That is not to say that it is completely without merit. It does draw attention to the fact that 25 million citizens’ records went missing, and notes that that represents a
“failure to protect the personal details”
of those citizens, which is absolutely right. The Chancellor of the Exchequer has apologised for that, and so has the Prime Minister.
Apologies in themselves, of course, are not enough, although they are important in almost any walk of life in terms of basic human decency and politeness. When we have a huge problem, however, as we do with the missing discs, I think that many people outside the House would say “There is a problem within Her Majesty's Revenue and Customs. Whom would I prefer to have on my side trying to sort it out?” It has been acknowledged throughout the House that it is a huge problem—nearly half the citizens of our country are involved—but although those people might well conclude that they would rather have the right hon. Member for Charnwood on their side than those on his Front Bench, I think that many of them would prefer to have the Chancellor of the Exchequer and the Prime Minister on their side trying to sort out acknowledged problems.
The hon. Gentleman expressed support for the Government amendment, which refers to action taken by the Government. Does he not share my concern about the fact that the Government are not requiring every single disc sent out by HMRC from now on to be encrypted? At present, the only real difference is that a more senior person will have to sign off the loss of 25 million records.
I think we should be a little careful about adopting that approach. Kieran Poynter is conducting a review whose interim recommendations are due to be delivered by 14 December. The hon. Gentleman has considerable experience in computer matters and I understand his request, or demand, for encryption, but I think that such a step would be too much in the tradition—on occasion, the Government have been rightly criticised for this—of setting up reviews and then failing to wait for their outcome before acting.
If the hon. Gentleman will forgive me, I shall carry on for a bit. He raised the question of encryption. Today is 28 November, so 14 December is 16 days away. As far as I know, the absence of the Kieran Poynter recommendations and the Government’s response to them would not prevent any Government Department or agency wishing to encrypt from doing so straight away, and I would be surprised if that was not being done. Perhaps it is not. Perhaps the hon. Gentleman can tell us.
The Chancellor said that there was no requirement for encryption. So one more horse could bolt through the stable door that has not been closed before the review produces its interim recommendations.
The hon. Gentleman is absolutely right, but for the moment I would prefer to wait for the Poynter review.
I have a problem with the Government amendment. It asks us to support
“the steps which have already been taken to improve the department’s data transfer processes”,
but does not mention improving data access and copying processes. How can we support a proposal that makes no mention of security tokens, algorithm-based one-time passwords, USB cards, PINs or any of the other technical interventions that are required to stop the problem? All that we have are vague guidelines that have been breached at least three times in the past year in this Department alone.
I am grateful for what the hon. Gentleman has said, because it brings me conveniently to the next part of my speech, which concerns the relationship between Ministers, Government Departments and Government agencies. Let me quote again from the Chancellor’s statement last week:
“In terms of protecting confidential data, Her Majesty’s Revenue and Customs is operationally independent of Ministers. It is established by statute and run by its chairman, Paul Gray, and a board of commissioners who are responsible for its operations”.—[Official Report, 20 November 2007; Vol. 467, c. 1102.]
What is difficult for all politicians to deal with is how operationally independent agencies and staff are within Departments.
As I do not have a copy of Hansard with me, I speak from memory, but did that paragraph not end with the Chancellor’s saying that the responsibility stopped with him?
Overall the Chancellor of the Exchequer is responsible for the Treasury, and Her Majesty’s Revenue and Customs is an agency of the Treasury. The hon. Gentleman goes on about the technical ways in which the problem might be dealt with—logarithms, encryption and so forth—and such suggestions are helpful in the House of Commons, but I think that as politicians we should beware the temptation to micro-manage. The official Opposition consistently make allegations about the Prime Minister’s being a control freak, but when it comes to a terrible experience such as this, there seem to be calls from some parts of the House for micro-management.
Unlike some hon. Members on both sides of the House, I have done my own small bit before coming here, aged 46, in running organisations. I helped to run a small business in the shoe sector and was a partner in a law firm that had a turnover of approximately £30 million a year; it was not a huge organisation, and not a tiny one. Before anyone asks, let me declare an interest, inasmuch as I am a non-practising solicitor with the organisation Thompsons, in which I was a partner giving money, as declared in the register, to my constituency Labour party. I do not want any misunderstandings about that. I was a partner there for a number of years, so I have some experience—not a huge amount—of helping to run organisations.
If one is going to run a successful political, commercial or public sector organisation—I have no management training, along with the majority of Members, I suspect—one is constantly urged to delegate. When one delegates, one runs the risk that those to whom one has delegated a task will mess it up. That is in the nature of delegation, which is why so many people find it so hard to delegate; they cannot tolerate the thought of a foul-up.
When one has delegated, one has a responsibility to monitor the actions and sometimes inactions of those to whom one has delegated. When one finds that the person to whom tasks have been delegated has either failed to carry them out or has carried them out incorrectly, one should take decisive action to address those faults when they are discovered. One should of course have a process to monitor things so that one proactively discovers faults.
That broadly seems to me the position of our Chancellor of the Exchequer. There were faults in HMRC, as acknowledged by the Chancellor in the House on 20 November, in statements to the media since and certainly here today. That has also been acknowledged by Paul Gray, who was the chair of trustees of HMRC and who immediately fell on his sword when it became apparent that there had been problems in the organisation. Pick holes as the Opposition might—so they should; that is the role of an Opposition in a parliamentary democracy, which we are pleased to enjoy—one must ask whether decisive action has been taken. I think it has. Is the organisation aware of the problem and how it happened? It is quite clear from what has been said, particularly by the Chancellor, that the overall organisation, as it were, is aware of how this happened. The leadership within HMRC and, on the political level, within the Treasury as exemplified by the Chancellor has a plan that commands some support as to what to do to address the problems with which the organisation is faced.
The Chancellor and his team tick all the boxes on that, to use our modern jargon. They have perceived the problem—problems can be hidden in organisations for years, as we all know—taken decisive action and come to a preliminary view, which will be assisted by Kieran Poynter’s report as to how it came about. They have also come to a preliminary view, again to be assisted by the report, on where we go from here and what we do to prevent a reoccurrence.
My hon. Friend is using his previous professional expertise to persuasive effect. I always think that lawyers speaking on issues other than the vested interests of lawyers bring strength to this House. Logically, is there not an additional aspect that needs to be brought into the equation—the role of Parliament? Parliament appoints Select Committees, including the Treasury Committee, which is chaired by a Government Member, and its Sub-Committee, chaired by an Opposition Member, with a precise remit to look at exactly the same issues. The Treasury Sub-Committee, on which I once served—I take as much responsibility as any other Member—looks at the precise workings of this particular agency of Government.
In this case, flattery will get my hon. Friend everywhere. I broadly agree and he is right about Select Committees and Sub-Committees. He will recall that I said that the Opposition were picking holes and were right to do so, in that that is what Oppositions should be doing in a parliamentary democracy.
I very much agree with my hon. Friend’s call for a rational debate. Does he agree that some of the derogatory press comments about the town of Washington do not contribute to that rational debate? Those comments include some suggesting that the town is full of run-down high-rise tower blocks, of which it has none, and others about the low expectations of the people. It would be better to have a rational debate rather than such comments about a proud and successful town.
I certainly agree. Many of my hon. Friend’s constituents work for HMRC on child benefit. Derogatory remarks about the town of Washington or about everyone who works for HMRC—one sometimes gets a flavour of those remarks—are not helpful to a constructive debate. Clearly there have been problems in HMRC, to state the obvious. If Members of this House and members of the public stopped for a moment and wondered how widespread those problems were, they would see that the results are very serious but the causes are a few people who made mistakes. That makes the issue much more difficult to address, but we are starting to do so. A few people were involved and not everyone who works for HMRC, whether or not they include my hon. Friend’s constituents from the fine town of Washington or elsewhere. We need a measured and constructive debate.
There have been 2,000 security breaches in the organisation. The reason why the House and the Opposition are so determined to hold Ministers to account is that a Minister, the then Chief Secretary, the right hon. Member for East Ham (Mr. Timms), told the House in May:
“HMRC take confidentiality very seriously and have robust procedures in place to protect information provided by claimants.”—[Official Report, 18 May 2007; Vol. 460, c. 952W.]
That categorical statement was made to this House by a Minister, but what it says is not the case. There have been further breaches, of which the one in question is just the most egregious. It is therefore for Ministers to take responsibility. The weasel words of the hon. Gentleman and his colleagues do not do justice to the seriousness of the issue.
If the hon. Gentleman will allow me, I will respond to that bluster later in my remarks.
Having talked about process and a constructive debate, we have to be aware of what the hon. Member for Twickenham (Dr. Cable) said in an extremely constructive and helpful speech—I did not agree with every word; Members would not expect me to—about the ease of being wise after the event. The official Opposition must be careful about hindsight, as must we all. I lived in Canada for a number of years and followed the Canadian football league, and I know that there is something called a Monday-morning quarterback. It takes place with 20:20 hindsight, as Sunday’s game is discussed on the Monday and people talk about all the plays that could have been made. That is the benefit of hindsight.
Let us look at the Government’s proposals that now, with hindsight, the official Opposition support. They argue for more houses, transparency in party funding, the benefits of migration and immigration, Islamic finance initiatives, some central control over the botched railways privatisation, police and community support officers, the benefits of flexible working, the NHS being free at the point of use without patient vouchers, passports and all that nonsense, rights for lesbians, gays, bisexuals and transgender people—
Will the hon. Gentleman give way?
No, I shall carry on. Other such issues include maternity leave, paternity leave and adoption leave, the national minimum wage and, on another Treasury matter, the independence of the Bank of England. They say, “Oh yes, with hindsight, we should have had that policy, but Labour got there first.”
The hon. Gentleman perhaps misses the point. Yes, the task was delegated, but policies should have been established and enforced by the Government. Underlying everything, is there not the attitude problem that was highlighted earlier? The attitude problem from the Government is the view that the people are there to serve the Government, rather than the Government to serve the people. Things are done and risks are taken with people’s data for the convenience of the Government and the ease of bureaucracy, when the Government should serve the people.
That is a fine sentiment, but I do not want to get drawn too far down that track. I caution the hon. Gentleman to be a little careful, because I suspect—I do not know, because I do not attend his advice surgeries—that, like me and every other hon. Member, he has many people coming to those surgeries who want the Government to do things for them. In fact, part of the difficulty that we have with a segment of society is its over-dependence on the Government. The way in which that issue is refracted by politicians—this is too often but not always the case—is by their saying, for example, “We have a problem with obesity, let the school sort it out.” There is sometimes too much of a desire from a segment of the population to have the Government do things for them.
I raised the question of hindsight earlier. Did my hon. Friend foresee this problem, as one of the 650 elected Members of Parliament? I did not see it coming, and neither did the Treasury Sub-Committee on which I served, which was chaired by a Conservative Member. Otherwise we would have had the opportunity to call HMRC to account, to visit and question staff, and to delve under the surface of what was happening. Perhaps we should all apologise.
I am not sure that we should all apologise, but my hon. Friend is right. If we were blessed with such hindsight, we would go to the excellent racecourse in Wolverhampton and put on bets on events for which we knew the outcome. I hope that the Treasury Committee and its Sub-Committee will look into the matter thoroughly.
The point is that the Treasury Committee and Sub-Committee are specifically delegated by Parliament to investigate such organisations, so that parliamentarians from different parties can get under the surface of what is happening. Is this not a classic case in which although hindsight is wonderful, if such an investigation had happened in the past few years, the problem might have been identified? Therefore, do we not share a responsibility for failing to have the vision to spot the potential problem?
I agree that we have a shared responsibility, and some people are prone to think that they could have had the foresight to see what might have happened. I hope that the debate will show the House in a good light and as being prepared to look constructively at difficulties in the running of government, with a positive contribution from at least some Opposition Members. I hope that we can give a few pointers for the Committee—or even the Conservative-led Sub-Committee—when it examines the issue.
I had not intended to comment on the debate, because it is untimely and precipitous, given that the inquiry has not reported. However, I remind my hon. Friend that, in the debate on the merger that formed HMRC, several of us raised the implications of staff cuts and management issues, including the Lean system. We have also raised the closure of Inland Revenue offices and the impact on services. Those were indicators of possible problems, and I hope that the inquiry will address those wider issues.
I understand my hon. Friend’s points about staff cuts; he is well informed about such matters through his links with the Public and Commercial Services Union. I understand the concerns about staff cuts, which were also raised by the Select Committee on Work and Pensions, of which I was a member, in the last Parliament. However, from the information of which I am aware—it may be only a small piece of the canvas—it is not staff cuts that have led to the present problems.
It is inappropriate to pre-empt the inquiry, but any inquiry should extend beyond the narrow issue. We know, from HMRC’s staff survey, that morale is at its lowest in its history, or in that of the predecessor organisations.
Order. Before the hon. Gentleman resumes his speech, may I point out that the Chair is encouraged to place time limits on speeches when a sufficiency of Members indicate a wish to speak? On this occasion, the evidence before Mr. Speaker suggested that no Labour Members wished to speak in the debate. No time limit was therefore imposed. I ask the hon. Gentleman to respect the difficulty that the Chair had in judging the situation and be aware that others wish to contribute to the debate.
I am grateful for that very helpful guidance. I have reached the final section of my remarks, which I shall try to keep brief, and I shall not take any more interventions.
As politicians, we have difficulty in coming to grips with the fast-changing world of information technology. I do not say that every hon. Member has that difficulty, but I struggle with it, and from talking to colleagues, I know that they do so as well. Part of the problem is the average age of Members. Much of the information technology around us has come on to the scene while we have been adults. Most Members can deal with e-mails, texting and spreadsheets, but we struggle with the process—the epistemology and methodology. The previous Government struggled with that, and so have this Government in the past 10 years. So have computer suppliers, such as EDS, which has a rubbish record, as I discovered when I served on the Work and Pensions Committee.
The idea that technological transformation will make an organisation more efficient only works if it is accompanied by business transformation. We have struggled with that as a concept. We also have difficulties with the desire for privacy on the one hand—understandably so, as 25 million citizens have had their privacy potentially invaded by the loss of the discs—and on the other by an experience that I suspect we have all had at one time or another of phoning an organisation and, after being kept on hold and told to press various buttons, being asked for information that one has supplied on previous occasions. One often wishes that the organisation had kept that information. The Government have tried the “ask once, use many times” approach that has been adopted by other large organisations, but it is difficult to balance that with the need for privacy. That balancing act is not always got right, and it is something that the House has never really discussed. We talk about whether IT initiatives have cost more than expected or have produced the desired outcomes, but we do not deal with their more philosophical, business transformation aspects.
It takes a problem such as the one that we are debating today to highlight the difficulty that I have described. The House needs to pay more attention to the broader, philosophical background to which the right hon. Member for Charnwood adverted in his speech. We need to deal with the immediate problem, but we should also take a step back so that we can see where our society, in which the Government are a leading player, is going in respect of IT systems and privacy. People may wish that they did not have to give the same information many times, but they also have an overwhelming and understandable desire for privacy when information is held by organisations.
I rise to support the wise words of my right hon. Friend the Member for Charnwood (Mr. Dorrell), and the words of my hon. Friend the shadow Chancellor. My right hon. Friend was right to say that, above all, we are debating a cultural issue. It is a matter of grave concern that HMRC does not regard looking after data as its fundamental duty, and that it does not consider that the customers or taxpayers whom it serves have every right to expect the highest possible standards when it comes to protecting the very important and extensive personal data that they are forced to give to the state, on pain of prison, so that taxes can be calculated and levied.
We are discussing accountability. We have held this debate because we think that the Chancellor of the Exchequer did not tell us enough when he first made a statement to the House—let alone today—and that he did not explain all the details that he knew at that time. The doctrine of ministerial accountability has moved on in recent years, and I welcome that. Twenty years ago, a Minister who had presided over such a major disaster would have offered to resign automatically. There would have been no question about that, but I do not think that it is fair or right for a Minister to resign if a junior official goes against the rules or makes an egregious error about which the Minister can know nothing and whose outcome he or she certainly does not seek. If we were looking in this debate at a single error made by a junior official about which the Chancellor knew nothing, there would be no question to answer under the new doctrine of accountability. However, the contention of my hon. Friend the shadow Chancellor is that we are looking not at one error but at a series of them. Some have said that there have been 2,000 errors of a similar kind, although not all on the scale of the most recent one, but my hon. Friend has contended that it is part of the culture, and therefore possibly a fault of the policy, that such things are happening at all.
That is why I asked the Chancellor of the Exchequer whether, in light of recent events, he had made changes to the procedure and policies that govern the handling of data. He answered that he had made one change. The hon. Member for Twickenham (Dr. Cable) and others did not think that that was sufficient, but the implication of the Chancellor’s reply is interesting, as it suggests that he felt that the existing system was not adequate and needed to be changed. In addition, the Chancellor has appointed a committee of inquiry to see whether the system as a whole needs changing and improving, which suggests that the problem did not arise through one official making a mistake but through a systemic failure inherent in the policy.
The most important error to have occurred has not received enough attention. In March, a similar volume of information was sent in a similar manner. Fortunately, the discs did not go missing, but that event should have alerted the previous Chancellor of the Exchequer to the seriousness of the possible problems that such sloppy data handling could cause. If anyone is culpable, therefore, it is the former Chancellor and his junior Minister responsible for these matters, as they did not respond when things went wrong. Could they have responded? Did they know? We now learn that a senior manager in HMRC was well aware of the error in March, and it does not speak well for the leadership provided by the then Chancellor and other Ministers that that official did not pass on the information to the Chancellor’s private office—or, if he did pass it on, that the former Chancellor and the responsible Minister did not understand its significance, and therefore did not take action.
That brings me back to the question of culture. No one on the Opposition Benches with experience of running Departments or big companies—I have had the privilege of doing both—believes that a single person can possibly know every decision, read every e-mail, or be copied into every transaction. That is why I accept that errors will occasionally be made that are not the wish of the person at the top. Since such errors are not inherent in the policy or culture laid down by that person, I believe that he or she should be forgiven. However, the culture at HMRC did come from the top and it seemed to say, “We do not regard the sanctity of personal data as crucial. We do not think that should be your No. 1 duty.”
I suspect that if we could see more of the relevant e-mail traffic and memos we would discover that Ministers wanted the merger of Revenue and Customs to give rise to a more aggressive Inland Revenue that got more money out of more people, more quickly. Since the merger, I certainly have received many more complaints from constituents, very often to the effect that HMRC has extracted money on rather bogus arguments, or incorrectly. It has then had to return that money. I suspect that the cultural shift that the then Chancellor orchestrated and sent down the line was that he wanted the new merged organisation to be much better at collecting more money from people and companies. If that is the culture being promoted, it is not easily compatible with one that is customer friendly. In a customer-friendly culture, staff would be told, “Your No. 1 priority should be to treat customers well, and that means that you must look after their data.”
Others have said that what has happened demonstrates that the Government cannot be trusted with the wider range of data collected for ID cards. Naturally, I agree: the public are now extremely suspicious of the Government’s ability to handle data and of their trustworthiness in dealing with that information. In the days ahead, Treasury Ministers who want to rescue their ailing position on data handling must demonstrate that they have learned the lessons and that they have put in place a system that will not allow such errors to happen again. However, the evidence from the Chancellor and other Ministers on the Treasury Bench today gives us no sign that we are about to reach that happy situation.
We have been told that one change has been made to the relevant procedure—something to do with the internal post at HMRC. We have heard nothing about encryption, or about reducing the amount of data that can be moved, either on a disc or in some other manner. We have heard nothing about introducing personal couriers to transport such sensitive data, or about reopening discussions with the NAO about how much data are needed and on what basis. My understanding of audit procedure is that it is done by sample, so why on earth were the records of 25 million people sent through the post? Could not a proper sample have been made? We have heard no explanation from Ministers as to why auditors cannot go to the data, rather than the other way around.
It is pathetic that so many days after the scandal was first reported we have not had a straightforward statement from someone on the Treasury Bench about how elementary protections and precautions for data handling and transmission have been put in place. Such defences would be expected in any medium-sized company, let alone a large one. We also need to know why the Chancellor has been so dilatory in coming to the House, and so reluctant to have information dragged out of him. It is apparently fine to share with the world, through the postal system, the unprotected records of 25 million people, but when it comes to data that this House needs—such as where the £25 billion used for Northern Rock has come from and the asset protection that has been put in place—we are not allowed to have it. When it comes to information on what action the Chancellor plans to take to deal with the data-handling shambles, we are not allowed it even after a full debate and a statement.
The Chancellor’s Department at senior level knew about the problem on 8 November. We are told that it was two days before the Chancellor was told, so that shows that he had not told his staff that such things were important or mattered to him—otherwise they would have told him immediately and not taken the risk. It then took him another 10 days, until 20 November, to come to the House of Commons to tell us what had gone wrong. That does not speak well of a Government who believe in Parliament and think it central to our national life; nor does it speak well of a Government who claim to care about people’s data. If the Government knew 12 days beforehand that the data might have been stolen, and had certainly gone walkabout, why were the public not told and warned then? Why were they not told and warned through the natural route—a full statement to this court of Parliament? That is what should have happened.
The Chancellor’s excuse is that he wanted time to talk to the Information Commissioner. He then tried to blame the banks, although they were told only on the Friday evening. The Chancellor now says that one or two banks wanted a bit more time, but it was hardly sporting of him to take up all the working days of the week, keeping the information to himself, telling the banks only on Friday evening when, no doubt, officials and Ministers wanted to go home and leave the banks with the problem over the weekend.
That reeks of a Government who are after our money but not out to give us service. It reeks of a Government who speak about the importance of democracy but do not treat the House of Commons seriously. It reeks of a Government who claim to value the people of this country but who cannot be bothered to tell them promptly when the Government make a mistake. It is a disgrace and it is high time that Ministers on the Treasury Bench came up with a better defence and some resolute action so that we can be reassured that in future they deserve to handle our data.
I am aware that a number of Members want to speak so I shall try to be reasonably brief. I shall try, too, to follow the example of the hon. Member for Twickenham (Dr. Cable), who gave a serious speech, in contrast to the one we have just heard and the one from the shadow Chancellor.
This is a serious matter that affects half the country, as we have all repeatedly said, and as other Members have pointed out, it raises issues that affect the public handling of confidential data in general. As my hon. Friend the Member for Wolverhampton, South-West (Rob Marris) said, there is a trade-off in all such situations between considerations of efficiency and considerations of security. That is true, too, in private industry. I was in IT management in the private sector for 18 years and we were constantly confronted with that issue.
The instinct of IT professionals throughout the industry, public and private, is to give the user what he wants and, if necessary, cut a corner. That is human nature and we have to recognise it and deal with it. We need clear guidelines for what IT professionals should do in every conceivable situation and who they should address for advice in cases where something unanticipated arises. If they follow those procedures we should protect them.
There is a tendency in the House and elsewhere to describe all safeguards as red tape until they are actually needed, when they suddenly become matters of life importance. We do not often make speeches in favour of red tape, but sometimes we need to point out that red tape is necessary to slow down the action of people eager to provide information they have been asked for, against the wider interest.
I have a few suggestions about the issues that we should focus on. In exchanges with the hon. Members for Twickenham and for Birmingham, Yardley (John Hemming), I made a point about field-level security. The hon. Member for Twickenham responded that it was not a question of how many fields were accessed but of the number of records. In fact, there are three axes: the number of people who can access the database, the number of records in the database and the number of pieces of information—fields—they have authority to access.
Let us consider the parliamentary database and our famous expenses, which the press are always keen to study. It is entirely appropriate that the press can see the field showing our expenditure on correspondence. However, it would not be appropriate for the press to be able to access fields showing individual correspondents—the people we have written to and what we wrote about. That would intrude on the privacy of those individuals.
In a sense, it is a red herring to say that the key issue is whether there is greater security in having one huge central database or a lot of distributed ones, and arguing that distributed databases are more secure. That red herring comes up often in the debate on ID cards. As an IT professional, if I have access to 18 databases, bringing them together to produce a single report is a trivial matter—that is not the problem. The problem is not the central database, but access to the individual data items within it. If someone in the health service, or any other body, has too much access to individual pieces of information, the problem needs to be addressed now; it will not get any worse if we add fingerprints. In fact, it would become less intense, because there would be extra safeguards. However, I agree with Members who suggest that there is a problem in the handling of public data generally: because of the sheer volume of data, we have allowed convenience, and even user-friendliness, to take precedence over individual protection.
My second suggestion relates to limits on mass bulk transfer. In retrospect, we can all say that it is self-evidently absurd that the National Audit Office should want 25 million records. In fact, the NAO denies that it made that request, but as it would obviously be impossible to read 25 million records at that point, an alarm bell should have gone off. However, the fact that it did not is not really the point; the point is that there was no bar to the official concerned saying, “Well, let’s make life easy. We’ll answer quickly and download the lot.”
There should be more red tape and greater protection where large volumes of data are involved. In the narrative the press are trying to construct to show that everything is chaotic, cases have been cited recently of constituents receiving letters with information about one, three or five other people. That is bad and should not happen. However, I think that we can all agree that it is a problem on a different scale. It is the sort of problem that happens under every Government and has happened all the time that public data have existed.
The transfer of mass volumes of data, however, should be authorised at a senior level. I do not just mean that a procedure should be in place; I mean that there should be a technological block. It should not be possible for a junior official, or manager—we can argue all day about that—or anyone beyond the most senior people to authorise the transfer of that volume of data as a one-off operation.
A third point, which the hon. Member for Twickenham made much of, relates to routine encryption. Again, it is a question of convenience versus protection. In view of the shortage of time, I will not go into that in more detail. There is an additional cost if we insist on the routine encryption of everything. There might be a proportionality question, but I am content to leave that to the inquiry.
Fourthly, there should be an escalation of responsibility in exceptional cases. The Government and Parliament should do their best to set criteria for all the situations they can think of, but it should also be part of the standard culture that if someone encounters an exceptional situation they do not say, “I am an IT genius. I know how to get round this.” They should say, “I don’t know what to do in this situation. I’m going to my senior management.” Most IT people accept that culture only reluctantly. The IT instinct is to say, “I can fix it.” That has to be addressed. It is a serious issue at the centre of things.
Finally, as my hon. Friend the Member for Hayes and Harlington (John McDonnell) said, there is the question of staffing levels. We have reduced the staffing levels in HMRC. Her Majesty’s Opposition think that we should reduce them further. It is reasonable to ask whether that process could have gone too far and whether the staffing levels reflect a number more than a detailed assessment and have reached the point at which a certain corner-cutting culture starts to set in. I do not know, because I do not know the detailed operations of HMRC. However, it would be helpful if the people who were looking into the matter were able to comment on that in more detail in the assessment.
I will not go on, simply because of the time limits. I was going to say a lot more, but the House will be relieved to hear that I am going to shut up.
The hon. Member for Broxtowe (Dr. Palmer) will forgive me if I do not follow his argument, but a number of hon. Members have been in the Chamber since the debate began and deserve an opportunity to be heard. I speak as a former Financial Secretary, like my right hon. Friend the Member for Charnwood (Mr. Dorrell), and it is difficult to avoid a twinge of sympathy for the Chancellor of the Exchequer, who finds himself carrying the can for something that happened a few weeks after he entered the Department. In the narrow sense, the Chancellor clearly is not culpable in that he did not put the discs in the envelope. However, the House is interested in the broader questions that have been touched on during the debate and for which Ministers are responsible.
Ministers are responsible for the additional functions that they have placed on the department and the resources that they have given the department to perform those functions. Ministers, who sit at the top of the management chain, are responsible for sending down that chain the right signals to influence morale and performance—a job that they ignore at their peril.
On the first point, Ministers took two decisions. The first was to transfer to HMRC responsibility for child benefit. That responsibility originally rested with the Department for Work and Pensions. The decision gave the Inland Revenue a substantial new management challenge, as well as a cultural shock, because it found itself paying out money instead of collecting it.
Secondly, Ministers merged the two arms of HMRC: the Inland Revenue and Customs and Excise. My right hon. and learned Friend the Member for Rushcliffe (Mr. Clarke) and I looked at that option in the 1990s and rejected it. The client base and the culture were different, and we were not convinced that the economies were there. The Government came to the same conclusion in 2000. In response to the Treasury Committee’s first report on the matter in 2000, the Government said that they believed that the synergies could
“be achieved without the risks, upfront and opportunity costs and structural upheaval which merger would inevitably entail.”
The response continued:
“Thus, while the Government accepts that merger might bring some of the benefits outlined by the Committee, it believes that they can be achieved without the disbenefits of merger through a dynamic and focused programme of closer working.”
In other words, the Government did not think that it was worth the gamble, but four years later they changed their mind.
The Chancellor and the Prime Minister have asserted that my party is somehow implicated in the rushed and botched merger of Revenue and Customs. I have looked at the record of the debates we had when the relevant Bill was going through Parliament. My hon. Friend the Member for Chichester (Mr. Tyrie), who was the spokesman at the time, said:
“Although we did not oppose the Bill on Second Reading, we had a number of major concerns about it. Merging the departments involved is a major change, and we are not convinced that it was given enough consideration by the Government or that its implementation was properly thought through.”
He went on to say that he was
“worried that the measure might prejudice taxpayer confidentiality.”—[Official Report, 6 April 2005; Vol. 432, c. 1520.]
He said that
“the retention of confidentiality…is at the heart of safeguarding…people’s right to privacy and, therefore…their trust in the Revenue service.”—[Official Report, 26 January 2005; Vol. 430, c. 396.]
So when the Bill that merged the two departments went through the House, the Government had been warned that confidentiality was an issue.
The tax credit ingredient was then thrown into the pot, on top of the merger and the additional responsibilities. The Revenue had to run the most complicated financial interface between citizen and state—the tax credit system, which has displaced the Child Support Agency as top of the problems that MPs deal with in their advice bureaux. Ministers must take responsibility for the consequences of new responsibilities and the merger.
That leads me to my second point, which is on resources. In the 2004 spending review, the administration budget for all the Chancellor’s departments was flat in nominal terms. A saving of 16,000 posts was pencilled in. Under the 2007 comprehensive spending review, departmental expenditure limits will decline by 5 per cent. a year for the next three years. That is a challenging settlement. The Chancellor had to pencil in those savings to make the sums add up, but I wonder whether they were thought through, and whether they are really deliverable. The Treasury Committee, which undertook a report on the efficiency savings in the Chancellor’s Budget, concluded:
“Evidence received…shows that the indicators used…to measure the quality of…services are not adequate to assess the experience of service users, and in particular are not adequate to measure the extent to which its services meet the…needs of its…client groups”.
That leads on to my last point about management and morale. There have been all sorts of warnings on that score. The tax faculty of the Institute of Chartered Accountants said:
“We are concerned that post merger the overall management structure of HMRC lacks clarity and focus. The lines of management accountability and responsibility are not always clear, either it seems to HMRC staff or to external stakeholders.”
The Chartered Institute of Taxation gave evidence to the Committee in January, and said:
“we do have concerns about the current position of HMRC and their progress. We see them as an organisation that is under considerable pressure.”
In my view, there is an audit trail involving policy, resources and leadership that leads back to Ministers. They cannot divorce themselves from the consequences of what happened down the line in the post room in Washington.
Finally, what conclusions should we draw? We need to await the inquiry, but I think that we can anticipate what it will say. It will be like other inquiries, such as those on transport or social services: it will say that primary responsibility rests with the individual who breached the regulations, as with the engine driver who went past a red signal, or the social worker who did not insist on seeing for herself the child on the at-risk register. However, those other reports went on to say that the signal was in the wrong place and the driver was not trained properly, and that the social worker had too many cases, but that their manager did not pick up on that. In that way, the trail goes up the management line. My money is on the same type of conclusion being reached in the case that we are considering. The Government have to be cautious about grandiose schemes, pencilling in large savings, major reorganisations, and ignoring warning signals—of which there were many. At the end of the day, the buck has to rest with Ministers, who should not resile from their responsibilities.
Out of respect for other Members, who have been waiting to speak for a long time, I will try to keep my remarks brief. First, I reiterate what other Members have said: we are talking about a hugely serious mistake, and the Government have to take profound measures to ensure that it never happens again. I have to say that I think that my right hon. Friend the Chancellor has demonstrated exactly what good government is by coming to the House and apologising, and by the measures that he put in place to try to prevent any repetition of the problem. I fear that the rather knockabout contributions of Conservative Members, with one or two honourable exceptions, have not done justice to the importance and complexity of the issues.
There is a range of issues underlying the mistake that demands the most serious consideration in the House. The first issue was outlined by the right hon. Member for Charnwood (Mr. Dorrell), who spoke about culture. Why did the National Audit Office need that information and why did it try to obtain it in that way? There are huge questions about whether information was needed on that scale—I do not think that it was—and whether it was appropriate to deliver a disc from HMRC via a courier. One alternative that has been debated is the electronic transfer of information. I do not profess to understand the technology of the systems, but even the technological transfer of information is not absolutely safe or fool-proof. There is therefore a big debate to be had about the relevance of the information and how Government Departments should share it to guarantee its security as far as is humanly possible.
It is quite reasonable to assume that Government Departments will co-operate to ensure that information is shared if they need it to perform their operations. There is obviously a debate to be had about the proportionality of information sharing and the needs of different Departments.
That leads me to the second issue of systems. As a layman, I find it inconceivable that such important and comprehensive information should be stored and transported in that way. We have been assured—and I have no reason to believe otherwise—that it was against correct operational procedure, so it is important to ensure that Government Departments are security compliant with the provisions of the Data Protection Act 1998, and that the Information Commissioner operates effective monitoring systems. That appears not to be the case in this instance.
Thirdly, the balance of independence and responsibility is important. My right hon. Friend the Chancellor has accepted responsibility because the buck stops with the appropriate Minister. We have had a long debate about the appropriate scale of delegation, but HMRC is operationally independent and is headed by the chair of the trustees—the extent of his competence has drawn compliments from Members on both sides of the House—yet things went wrong. Ultimately, is it right for the Chancellor of the Exchequer to be expected to supervise and micro-manage an officer who is generally regarded as highly competent and capable of carrying out those functions? There is a whiff of humbug about the contribution of some Opposition Members. I have been a Member of the House for many years, and have heard accusations levelled at the Chancellor, and the previous and present Prime Ministers for micro-managing and interfering in Government Departments. However, when they stand aside and let the professional run those Departments they are criticised for the mistakes that have been made.
The hon. Member for Twickenham (Dr. Cable) highlighted the wider issue of data protection and whether changes need to be made in the light of technological developments in the Government’s delivery of services. What new level of protection, if any, is needed? The hon. Gentleman gave the example of someone who wanted to gain access to their central medical records. The logic of his argument was that if we wanted to guarantee that those records went to the appropriate person, a biometric ID card would be the best way of ensuring that. There is an element of contradiction in the hon. Gentleman’s position.
Like many other hon. Members, I have spent 25 days with the police on a parliamentary police liaison scheme. One of the things that I heard from the police time and again was that ID cards would be a huge boon in helping them to deliver the service that we want. From the response to a question that I asked the Home Secretary earlier this week, it is already evident that biometric identification in passports for foreign nationals living in this country has contributed significantly to reducing the scale of illegal immigration. I ask Ministers not to resile from their position, but to recognise that there are huge data protection issues that need to be addressed before ID cards are introduced.
I shall allow my hon. Friend the Member for South-West Hertfordshire (Mr. Gauke) time to speak, but in the few minutes remaining I want to introduce into the debate a facet that has not yet been mentioned—systemic failure in another department of HMRC: the one that issues VAT registration numbers.
The department has a target of issuing numbers in eight weeks. I shall use as an illustration a constituency case because I believe it to be typical. My constituent, Mr. Prutton, first applied for a VAT registration number eight months ago—I repeat, eight months. Persistent correspondence and telephone calls to the Newcastle office and the complaints department in Newry have got him nowhere. He submitted to HMRC a range of personal data—the application form, a questionnaire, invoices relating to his new business and, most importantly, bank statements. Those are not bank details such as the sort code and the name and number of his account, but bank statements showing movements and balances on his account. He has had no indication from HMRC’s VAT department whether those documents arrived safely, whether his case is being considered or where it has got to.
Clearly, the department is a long, long way off its eight-week target. My office has been pursuing the matter for Mr. Prutton and there have been numerous phone calls to the office of the chief executive of the VAT department. I, too, have got nowhere, apart from promises. This morning, belatedly—
Order. I am sorry to interrupt the hon. Lady, but I think that she is moving beyond the terms of both the motion and the Government amendment. There is a separate issue, I know, about VAT registration delays, but I do not think the case she is making fits in good order with the terms of the motion.
I read the motion quite carefully and thought that I was making an argument for systemic failure in HMRC—I accept the Chair’s advice, of course—and the security of individuals’ data, which is another element of the motion. If you will allow me to continue, Mr. Deputy Speaker, I shall.
If the hon. Lady can steer more in that direction, she may continue. The point about security is the main theme of the debate this afternoon.
I shall curtail my comments even further than I had intended.
May I ask the Minister to do whatever she can to find out where Mr. Prutton’s documents are, whether his case is being dealt with, and whether that is an indication of systemic failure within the VAT department? I received a letter this week from the Federation of Small Businesses suggesting that the problem is widespread and asking for something to be done about it.
In the short time available to me before the wind-ups, I should like to focus on three specific aspects of this shoddy state of affairs. First, I want to speak up for the chairman of HMRC, Mr. Paul Gray, who has been a regular witness before the Public Accounts Committee and one of the few senior civil servants who has been prepared to acknowledge error where it has occurred within his department. He has had to deal with many difficulties arising out of the merger of the Inland Revenue and Customs, to which other hon. Members have referred. In this case, he saw the seriousness of the failure and was accountable in a manner that must be applauded across government and is in stark contrast to the approach taken by some of the other heads of department, on whose watches similar disasters have occurred. In such cases, they have not taken responsibility. Ministers must carefully examine how Mr. Gray has conducted himself and how they are conducting themselves. I applaud him for that.
My second point deals with the sequence of events and responsibility. As my hon. Friend the Member for Tatton (Mr. Osborne) pointed out in his opening remarks, the Government have been quick to blame junior officials. The National Audit Office e-mail exchanges with HMRC, which came out two days after the Chancellor’s statement, are extremely revealing. In contrast to what the Chancellor said earlier, it is clear that there are two aspects to this calamity. The first aspect is that the CDs were put in the post and transmitted contrary to procedure—that clearly should not have happened. The second aspect is the decision to provide sensitive data, which is more fundamental and lies at the heart of this problem.
I understand that the NAO requested a set of data in order to verify its sampling methodology when it came to do the audit of child benefit, because that area of work had been taken within HMRC having previously been done by the Department for Work and Pensions. The NAO sought certain data, but those did not include sensitive data such as bank account details and addresses that would identify individuals. Several people in the department—not just a junior official—were involved in deciding to provide the full set of data.
That is made crystal clear in an e-mail of 13 March 2007 timed at “15:23”. Because of the measures taken to protect the identity of the individuals concerned, we do not know exactly who in HMRC sent it, but we can see that it was copied to one person at the NAO—we presume it was sent to the NAO—and to three people in HMRC, one of whom, we are led to believe, is the process owner for child benefit.
The first sentence of the e-mail states that somebody had
“passed this over to me for my views.”
It is thus evident that consultation was taking place at different seniority levels in HMRC on the issue of how much data should be provided. It continues:
“Your original request was for 100 per cent. scan of the data, and fortunately a scan was complete earlier this year, and we have shared this with you at no additional cost to the department.”
The important bit is the fact that the e-mail goes on to state:
“I know you are meeting with Compliance and KAI colleagues on Wednesday and all your issues regarding data extracts etc should be taken up with them.”
Two other departments in HMRC are involved—quite apart from there being a direct interface with HMRC—in making this decision. The e-mail goes on to say:
“I must stress we must make use of data we hold and not over burden the business by asking them to run additional data scans/filters that may incur a cost to the department.”
That exposes the fact that this was all about saving money within HMRC and not about protecting data. That is where the Government have not come clean in their explanation of why we got into this sorry state of affairs.
In an intervention on the Chancellor, I referred to encryption and data protocols. It is lamentable that Treasury Ministers have not been prepared to tell us that they have undertaken a complete overhaul of data protection procedures in their Department. It would be refreshing if the Minister were prepared to be a bit more forthcoming about exactly what Ministers have asked to be undertaken in their Department. Perhaps she could also explain what distinguishes those procedures from those that were in place before this terrible state of affairs arose.
The Government do not seem to realise the impact of this data loss on our population. There is fury out there that such sensitive data could have been lost. People can no longer trust the Government with their bank details, so how can the Government possibly expect people to trust them with even more sensitive data such as those that will be needed for an ID card? I take no pleasure in saying this, but this Government have lost the trust of the people.
When the House was informed last Tuesday that the entire database of families receiving child benefit had been lost, there was a sense of shock on all sides. Details of every child in the country, details of the bank accounts of 7.5 million families, and details of 25 million people were downloaded on to two discs by a Government official, put in the post and lost. What has become clear in the past few days is the utter inadequacy of the Government’s performance before and after this appalling breach of security.
As we have heard from my right hon. Friends the Members for Charnwood (Mr. Dorrell) and for Wokingham (Mr. Redwood), there is a failure of culture within HMRC in terms of respecting the sanctity of personal data. As my right hon. Friend the Member for North-West Hampshire (Sir George Young) said, Government policies have contributed to the strains put on HMRC. One of those strains, as my hon. Friend the Member for Upminster (Angela Watkinson) pointed out, has been caused by failures in VAT registration applications. My hon. Friend the Member for Ludlow (Mr. Dunne) showed how the information provided by the National Audit Office and the e-mails there put the Government’s position in a very poor light.
There are three elements to the Government’s performance in this matter: incompetence, complacency and evasiveness. First, on incompetence, last week the Government portrayed this security breach as the consequence of the actions of one individual. Before turning to the detail of that claim, let me make it clear that this was no isolated incident of failure. There is a long list of data security failures by HMRC, but its failures are broader than that. Business and professional organisations are damning of its performance, whether it be delays in VAT registrations, problems in filing online returns or inaccurate collection of income tax through pay-as-you-earn—not to mention the disastrous administration of the tax credits system, with billions of pounds being overpaid, billions underpaid and billions lost through fraud and error.
Let me run through some of the examples of data protection failures. In September 2005, the names and addresses of UBS customers were lost. In May 2007, 42,000 families’ tax credits and bank details were lost. In August 2007, the details of 400 people were left on a laptop in a stolen car and lost. In October 2007, HMRC lost a package containing six discs that went missing in the post. In November 2007, it emerged that HMRC had lost a CD-ROM containing confidential data on 15,000 Standard Life customers. The loss of child benefit data is clearly not a one-off. Losing data appears to be part of the culture of HMRC. It does not mean to, but it is like the England football team adopting route one tactics or the Labour party getting embroiled in funding scandals. HMRC appears to be unable to stop losing data on a regular basis; it has form.
That brings me to complacency. On every occasion that data are lost, up pops a Minister to declare that it will not happen again—that it is a one-off. To be fair to the Chancellor, this time he did not say that, but that is what usually happens. Then they say that procedures are being reviewed urgently. We are always told that HMRC takes confidentiality very seriously and that it has robust procedures to protect information, yet still, within weeks or months, another breach occurs. Can Ministers honestly say that they are confident that another security breach is not on the cards? Are they confident, for example, that the tax credits database is secure?
Let us return to this particular security breach. What was the Chancellor’s first response? Reasonably, he immediately instructed that comprehensive searches be carried out of all premises where the missing data might be found—fair enough. One might have thought that HMRC would have thought of that, but it is a reasonable first response. Given the seriousness of the breach, and the urgent need to recover the discs, one might have assumed that the instruction would not just have been issued immediately, but implemented immediately. Indeed, the Chancellor told the Commons that he asked for an immediate investigation to be initiated that weekend. But what the Chancellor did not tell us—we learned this only with the release of the NAO briefing paper last Thursday—was that it appears that NAO searched its offices for the first time seven days later, on Saturday 17 November. If I am wrong, I am happy to be corrected. If that constitutes an immediate investigation, no wonder satisfaction with HMRC is so low.
While HMRC delayed the undertaking of a proper search, what did the Chancellor do? The Government have consistently emphasised that there was no evidence of fraud as a consequence of the missing discs, as far as we know, but remember that at that time they did not know that because they had not spoken to the banks. There was a distinct possibility at that time that the discs were in the hands of fraudsters, and for all the Government knew, millions of pounds could have been being stolen from 7.5 million bank accounts. The Chancellor failed to tell the institutions that could do something about it—the banks—to prevent that from happening on the Monday, Tuesday, Wednesday, Thursday or for most of the Friday.
For four days, the Chancellor left our bank accounts vulnerable simply because he hoped that our discs would turn up, and only told the banks late on the Friday. The Chancellor would not, or could not, recognise the seriousness of the situation and take immediate and necessary steps to protect our security by letting the banks know. What is the Chancellor’s response today? Sensitive data will be sent to third parties only with the consent of senior officials. But we know from the NAO e-mails that senior officials consented to the transfer to third parties when such a breach happened in March 2007, so today’s announcement takes us no further on at all.
Let us look at evasiveness. Despite the Chancellor’s protestations today, it was clear last week that the Government’s case was that one junior official was to blame. The procedures were clear, but they were breached by a 23-year-old junior clerk, acting on his own. That was the impression given. He was left hung out to dry, treated no better than the deputy leader of the Labour party. But we now know that HMRC officials were involved in an e-mail exchange about sending the full child benefit data to the NAO, including the
“process owner for Child Benefit”—
a senior manager. It is clear from that e-mail exchange, as my hon. Friend the Member for Ludlow pointed out, that despite the requests of the NAO to strip out details relating to bank accounts, HMRC did not do so because of cost, and a number of HMRC officials, some of them quite senior, knew that to be the case. A HMRC manager—not an official, as the Chancellor said—made the decision to provide the full data.
At no point in the Chancellor’s statement last week was that made clear. The Prime Minister said it was a matter of procedures being in place, but not followed. He said that the manual of protective security stipulated that any data sent out should have been encrypted. However, as The Sunday Times pointed out in its investigation, officials in the child benefit office
“had not even heard of the Manual of Protective Security, let alone been trained in its strictures”.
An IT expert, Andrew Beckett, pointed out:
“The manual does not say which information should be encrypted. It's up to the senior responsible officer to determine the impact level of the information being compromised.”
What happens in practice? We learn that private financial firms and advisers regularly receive CDs containing unencrypted sensitive personal data. Legal & General, Norwich Union and Prudential all said that that happened last week. Let us get some straight answers. How many officials had access to the child benefit database? How many officials had authority to download it? How often were data sent out from Washington encrypted and unencrypted? Are other databases, which the NAO examines, such as the income tax pay-as-you-earn database, provided in the same way? How many officials knew that the full database was being sent to the NAO? How senior were the officials? Why did the Chancellor inform the banks six days after finding out about the breach?
The Government’s explanations have unravelled. When the public have demanded openness and honesty, the Government have been evasive. When the crisis demanded decisiveness, the Chancellor dithered. When the country needed competence, the Government and HMRC were a shambles. Not only two computer discs, but the Government’s credibility has been lost. For all the attempts to blame one young clerical assistant, the British public know where the blame lies—with the Government. I urge the House to support the motion.
I appreciate that the subject of this debate concerns the House, and I thank all those who have contributed. Before I consider the detail of the discussion, let me say to the hon. Member for Upminster (Angela Watkinson) that I will look into the constituency case that she raised and deal with it outside the debate. That is probably the appropriate response.
Let me quickly thank my hon. Friends the Members for Colne Valley (Kali Mountford), for Wolverhampton, South-West (Rob Marris), for Broxtowe (Dr. Palmer) and for West Bromwich, West (Mr. Bailey) for participating in the debate, bringing to it great knowledge and dealing with it in a much more measured manner than some Opposition Members. The subject should be approached with the utmost seriousness.
The motion asks for an explanation of how the security breach occurred. My right hon. Friend the Chancellor set that out in his statement to the House on 20 November. He has been absolutely consistent and accurate in his comments in the House last week and today. The hon. Member for Tatton (Mr. Osborne), the right hon. Member for Wokingham (Mr. Redwood) and the hon. Member for South-West Hertfordshire (Mr. Gauke) are entitled to be indignant, but they should recognise what I believe all fair-minded Members would acknowledge: my right hon. Friend the Chancellor has the deepest respect for the traditions of the House, especially in how he deals with it as a Minister. My hon. Friend the Member for West Bromwich, West acknowledged that, for which I thank him.
As my right hon. Friend the Chancellor said, we do not have all the information that we need to establish what went wrong and how two discs containing highly sensitive and personal information came to be missing. That is why Kieran Poynter’s report is so necessary.
The hon. Member for Tatton asked about letters and the competence with which they had been issued. Her Majesty’s Revenue and Customs send out more than 7 million letters. That is a big logistical exercise. Up to close of business on 26 November, the child benefit helpline had handled approximately 39,000 calls from customers who were concerned about the data loss. However, it might be of interest to hon. Members to know, by way of comparison, that HMRC contact centres received on average 150,000 calls a day throughout 2006-07 on all their lines of business. That puts in perspective the way in which the public have rightly been able to access call centres to gain advice about their details.
We are not aware of the specific case of the letters that the hon. Member for Tatton mentioned. If what he said is true—I have no reason to doubt it—HMRC regrets that it has happened in a small number of cases. The details in the letters are not sufficient on their own to establish identity in order to open a bank account, claim benefits or in any way abuse an individual’s identity.
The motion asks what policy changes will be introduced to protect the public in future. First, HMRC has immediately communicated to all staff three key steps that must be followed. Transfers must take place only if they are absolutely necessary, written authorisation for the transfer must be given by a senior HMRC manager and a clear instruction must be given regarding the appropriate standard of protection for the transfer. Where directors decide that a data transfer by disc is absolutely unavoidable, such media must in every case be securely encrypted at the appropriate level. Those changes are already in place.
Will the Financial Secretary give way?
I am not sure that the hon. Gentleman has been present throughout the debate. I have a limited amount of time, so if he will permit me, I shall press on and try to respond to some of the serious and thoughtful contributions that have been made.
Secondly, Kieran Poynter, the chairman of PricewaterhouseCoopers, has agreed to undertake an independent review of our data-handling processes in HMRC. His report will be ready by 14 December. Thirdly, the Prime Minister immediately gave the Information Commissioner additional powers to undertake spot checks in relation to Government buildings. I was glad to see that step being taken. The Prime Minister has also asked Gus O’Donnell to ensure that all Departments’ and agencies’ procedures are being implemented in full and to identify where improvements can be made. I hope that that will serve as the reassurance that the hon. Member for Twickenham (Dr. Cable) asked for earlier.
The final part of the Opposition motion asks what policy changes will be introduced to protect the public. Again, HMRC put in place immediate steps to improve data security. We have undertaken comprehensive steps to protect customers, to find the missing data and to ensure that the lessons are learned and that all efforts are being made to ensure that such a loss can never happen again.
A number of hon. Members raised proper questions on the steps that we are taking on encryption. It may be of interest to the House to hear what has been done. HMRC has established a central team to handle encryption on behalf of the organisation, to ensure that the proper deployment of encryption is used at the appropriate level. All bulk transfers of sensitive data using CDs are being encrypted and password protected where necessary. Those procedures were implemented on 21 November. [Hon. Members: “Ah!”] Hon. Members wanted to know what had been done in response and I am explaining what has happened. HMRC has removed the facility for staff to use CDs and other removable media, and only in exceptional circumstances and on approval at director level, as I have said, are staff given access. HMRC is also investigating the electronic transmission of data. It is consulting with the British Bankers Association and currently undertaking further talks to agree standards for and methods of deploying electronic transfers.
I thank the hon. Member for Ludlow (Mr. Dunne) for his comments about Mr. Paul Gray. I agree with the hon. Gentleman that Mr. Gray has given distinguished service to more than one Whitehall Department, as my right hon. Friend the Chancellor acknowledged last week. The hon. Gentleman went into detail about the three e-mails and about what they do and do not say. I say to him and every other hon. Member who has raised the matter that three e-mails do not tell the full story. That is why it is entirely appropriate that we wait for the inquiries. After that, the House will be able to judge the detail of what has happened. It is not a question of lack of resources or staff cuts; the breach of security should not have happened and there is no excuse for it. I am confident that had the procedures that were already in place been followed, the data would have been protected.
The hon. Member for Twickenham made a sensible and thoughtful speech. I have responded to his point about encryption, although I do not accept his point about a lack of scrutiny across government. I hope that the work that Gus O’Donnell is undertaking will ensure that the concerns that the hon. Gentleman raised are properly dealt with.
The right hon. Member for Charnwood (Mr. Dorrell), who gave the most distinguished service as a Cabinet Minister and for whom I have the highest regard, made perhaps the most serious speech to which I am going to respond. I hope that he will accept that my right hon. Friend the Chancellor and I have been entirely focused on what should be the proper way for data relating to customers of Her Majesty’s Revenue and Customs to be respected. I agreed with a large part of his criticism. As I have said, procedures were in place. It is not the case that there is a systemic disregard right across Her Majesty’s Revenue and Customs for the protection of customers’ details. If the procedures that are in place had been followed, we would have safeguarded the confidential information that was requested by the National Audit Office. I know that the staff of Her Majesty’s Revenue and Customs are horrified at the failure that we have disclosed to the House.
I know that the House is very concerned about the nature of what we have been debating today. I should like to leave hon. Members with a quote on the question of whether the merger should ever have happened. This also brings me to the final speech to which I wish to respond, that of the right hon. Member for North-West Hampshire (Sir George Young), whom I also admire very much. Mr. Jeffrey Owens, the director of the centre for tax policy and administration of the Organisation for Economic Co-operation and Development, has said the following in conversation with my office, and he is prepared to allow me to use this quote:
“The allegation that the merger of the Inland Revenue and Customs and Excise was a mistake is completely unfounded. The merger was the right thing to do and other countries that have taken this route have found that once the merger has bedded-in, real benefits start to flow through. In fact, out of the other 30 OECD countries there is only one that hasn’t adopted this approach. Comparing the UK to the other OECD countries”—
On a point of order, Mr. Deputy Speaker—
Order. I think that the right hon. Lady has perhaps anticipated the hon. Gentleman, if she has completed the quotation and her speech.
Can I just finish the quote, Mr. Deputy Speaker?
In the spirit of the occasion, yes, if the right hon. Lady will do so briefly.
Jeffrey Owens’ very last comment is:
“Comparing the UK to the other OECD countries, it is quite clear that HMRC is one of the lead tax administrations, both in terms of service delivery and enforcement.”
I shall await the inquiry, as I am sure will the rest of the House.
Question put, That the original words stand part of the Question:—
Question, That the proposed words be there added, put forthwith, pursuant to Standing Order No. 31 (Questions on amendments), and agreed to.
Mr. Deputy Speaker forthwith declared the main Question, as amended, to be agreed to.
Resolved,
That this House approves of the decisive action taken by the Government when it became aware of the data loss by HM Revenue and Customs, including the collaborative work undertaken in association with the UK Payments Association, the British Bankers Association and the Building Societies Association and through them individual banks, building societies and other financial institutions which enabled them to put in place appropriate safeguards and monitor any irregular activity; welcomes the decision of the Chancellor of the Exchequer to initiate an urgent investigation by the Metropolitan Police and his appointment of Mr Kieran Poynter to conduct an independent review of HM Revenue and Customs’ data handling procedures; acknowledges the steps which have already been taken to improve the department’s data transfer processes; and notes the Chancellor’s assurance that he will keep the House fully informed of further developments.
DEFERRED DIVISION
I now must announce the result of a deferred Division on the motion relating to the global navigation satellite system and the European Institute of Technology. The Ayes were 267, the Noes were 201, so the motion was agreed to.
[The Division List is published at the end of today’s debates.]