[holding answer 27 November 2007]: The latest review of the security procedures for accessing child benefit IT systems forms part of HMRC’s Internal Audit Annual Programme for 2007-08. Preliminary work on this review began in June 2007 prior to the child benefit data loss incident in October 2007 and will be ongoing until March 2008.
On 20 November, the Chancellor announced an independent review of HMRC’s data handling procedures by Kieran Poynter, chair of PricewaterhouseCoopers. The interim report was published on 17 December and is available in the Library of the House.
I also refer the hon. Member to the remarks I made on 28 November 2007, Official Report, column 344 setting out the three key steps all staff in HMRC must now follow for bulk data transfers.
Of the letters HMRC sent to every affected household, only 1.4 per cent. were returned because the address held was not current.
At any given time there will be a small minority of households for which HMRC do not hold up-to-date addresses. Some 10,000 people move house each week and there can often be a delay in claimants informing HMRC of their change of address.