Skip to main content

Revenue and Customs: Loss of CDs

Volume 696: debated on Wednesday 5 December 2007

asked Her Majesty's Government:

Whether the compact disc lost by HM Revenue and Customs en route from Newcastle to Edinburgh containing information on 15,000 Standard Life customers was encrypted; and [HL198]

How many compact discs sent by HM Revenue and Customs have been lost during 2007; and [HL199]

What steps HM Revenue and Customs have taken to prevent the loss of compact discs in transit in the future. [HL201]

On 13 November HMRC initiated immediate increased security with a new process:

transfers will now take place only if they are absolutely necessary;

written authorisation for the transfer has to be given by a senior HMRC manager; and

a clear instruction has been given regarding the appropriate standard of protection for the transfer.

Where directors decide that a data transfer by disc is unavoidable such media must, in every case, be securely encrypted at the appropriate level.

On 20 November the Chancellor announced an independent review of HMRC's data-handling procedures to be conducted by Kieran Poynter, the chair of PricewaterhouseCoopers.

asked Her Majesty's Government:

Why Standard Life customers whose data was on the compact disc lost by HM Revenue and Customs were not notified until a month after the loss was reported.[HL200]

It was reported to HMRC in late September that the CD had not been received. Action was taken immediately to establish with the external courier and the data production/dispatch areas within HMRC whether the discs were still in their possession. The courier was also requested to make extensive searches throughout all its depots. Once it was established from the courier that the data were definitely lost, steps were taken to issue letters to customers.

asked Her Majesty's Government:

With regard to the two information discs which went missing during transportation between their offices, and which were the subject of a Statement in the House, whether passwords were written on the discs or available in the packaging; and, if so, whether this is current government procedure. [HL489]

It would be inappropriate for me to provide information relating to this issue at this stage, as there is an ongoing Metropolitan Police Service investigation.

On 20 November the Chancellor also announced an independent review of HMRC's data-handling procedures to be conducted by Kieran Poynter, the chair of PricewaterhouseCoopers.

asked Her Majesty's Government:

What steps they have taken to improve security for discs carrying confidential government information during transportation between departments. [HL490]

Government policy requires that departments,

“handle personal data in ways which incorporate appropriate technical and organisational measures against unauthorised or unlawful processing and against accidental loss or destruction of or damage to such data”.

Procedures for the security of discs carrying sensitive data, along with all other relevant procedures, will be examined as part of the reviews announced by the Prime Minister on 21 November (Official Report, col. 1179.)