Skip to main content

Revenue and Customs: Security

Volume 488: debated on Wednesday 25 February 2009

To ask the Chancellor of the Exchequer how many breaches of security have occurred at HM Revenue and Customs in the last five years; and what procedures are followed when a breach of security relates to personal data. (250731)

[holding answer 26 January 2009]: HMRC uses the term ‘security incident’ to relate to a wide range of security breaches, including unlocked cupboards or drawers within a locked building as well as losses, theft, suspicious behaviour and vandalism. These incidents also include near misses, which are monitored to identify potential weaknesses so that they can be put right. HMRC takes every security incident report seriously and deals with each one in accordance with its departmental guidance and procedures.

Since HM Revenue and Customs’ creation in April 2005 there have been a total of 11,266 reported security incidents among approximately 90,000 staff. HMRC has improved centralised control mechanisms and raised staff awareness about the importance of data security and the need to report all incidents.

All incidents relating to personal data are investigated by senior managers within the responsible business area and incidents designated as serious are elevated to director level and to relevant external authorities if this is required. This system was introduced in August 2007, since when only 3.6 per cent. of all security incidents have been classified as serious.