Revenue and Customs: Data Loss

Volume 697: debated on Monday 17 December 2007

My Lords, I beg leave to repeat a Statement made by my right honourable friend the Chancellor of the Exchequer in another place. The Statement is as follows:

“Mr Speaker, with your permission I should like to make a Statement on the progress report by Kieran Poynter, chairman and senior partner of PricewaterhouseCoopers, into the loss of child benefit records at HM Revenue and Customs. Before I turn to that, I can confirm that the police investigation continues. While the searches are drawing to a close, their inquiry is not yet complete. However, the police have reiterated that they have no information or intelligence that the data have fallen into wrong hands. They will keep that under review.

“The banks, too, say that they have found no evidence of any activities suggesting fraud arising from this incident. They continue to monitor closely the accounts concerned so that they can see immediately if there is any unusual or irregular activity. As I have told the House previously, the majority of accounts into which child benefit payments are made are with a small number of banks and these banks have checked them back to 18 October, the date the missing data were posted. There are no reports of any activities suggesting increased fraud attempts deriving from the incident.

“I deliberately gave Mr Poynter wide-ranging terms of reference because of the seriousness of this loss, together with my concern about previous losses of data which I referred to in my Statement on 20 November. Mr Poynter started his review on 23 November, just three weeks ago, and as he says his work is far from complete and his conclusions will develop as that work progresses. Inevitably, therefore, this report is short, but I said last month that I would return to the House when it became available. A copy has been placed in the Vote Office in the usual way.

“Kieran Poynter sets out the work he has put in hand. He says that he has given priority to the immediate steps Revenue and Customs must take to protect data security. Revenue and Customs has already put in place a number of measures. Mr Poynter says that these are measures that he would have recommended, and which his report sets out. As Mr Hartnett, the acting head of Revenue and Customs, said to the Treasury Select Committee on 5 December, they include the imposition of a complete ban on the transfer of bulk data without adequate security protection such as encryption, as well as measures to prevent the downloading of data without adequate security safeguards. In addition, Revenue and Customs disabled all the personal and laptop computers it uses to prevent the downloading of data on to removable media. Those computers will only be reactivated at the approval of a senior manager for a specific business-critical purpose.

“Mr Poynter has also begun his investigation into exactly what happened in relation to the loss, but he makes the point that there are more inquiries to be made, more interviews to be carried out and greater examination of the evidence available. As he says, it would be wholly inappropriate for him to draw final conclusions until his work is completed.

“Mr Poynter also draws attention to the general responsibilities and accountability in HM Revenue and Customs. These issues are also referred to in the capability review into HM Revenue and Customs carried out by an independent panel overseen by the Cabinet Secretary. The House will be aware that this review was commissioned as part of a general review, announced in July 2006, of the strengths and weaknesses of all government departments. The Revenue and Customs review is published today, along with that for the Treasury and updates for four other departments. I am also publishing Revenue and Customs’s autumn performance report.

“The capability review identifies a number of important strengths of Revenue and Customs, including a proven ability to bring in the money to fund public services while driving down its own costs and delivering greater efficiency. It refers to committed people with honesty and integrity, and with clear desires to transform and improve. The review also highlights a number of areas where improvements are needed, including the necessity to set up a simpler structure and clearer accountability, improving confidence and strengthening management information. The acting chairman agrees, and is announcing proposals to put in place a simpler organisational structure with clearer accountabilities which, as Mr Poynter says, will make it easier to implement recommendations on data security as his review progresses.

“I said in my Statement that the Prime Minister had asked the Cabinet Secretary to ensure that every government department checked its procedures for the storage and use of data, and to make recommendations on how to improve data-handling procedures across government. His interim report is also published today, alongside a Written Ministerial Statement by the Minister for the Cabinet Office.

“The Prime Minister has already announced that the Information Commissioner will have the power to conduct spot checks on departments. There will now also be new sanctions under the Data Protection Act for the most serious breaches of its principles, which will take account of the need not only to provide high levels of data security but to ensure that sensible data-sharing practices can be conducted with legal certainty. We will consult early in the New Year on how that can best be done. The report also sets out a range of other measures.

“Revenue and Customs and, before it, the Inland Revenue and Customs and Excise have served successive Governments well. Their staff are dedicated and hard working. However, the loss of these data was extremely serious and should not have happened; again, I apologise to everyone who has been affected.

“As I told the House in November, the loss of these data together with losses in previous incidents mean that a wide-ranging review is necessary so that lessons could be learnt, procedures tightened and security improved.

“Mr Poynter tells me he expects to conclude his work in the first half of next year and I shall report back to the House when I have his final report. I commend the Statement to the House”.

My Lords, that concludes the Statement.

My Lords, I thank the Minister for repeating the Statement made by the Chancellor of the Exchequer in another place. The Minister must be very grateful that there is only one more day until the Christmas Recess and that this is probably the last time that he has to appear to put on a brave face to cover the incompetence of the Chancellor and the Chancellor's departments—for this year at least.

Four weeks ago, the Chancellor had to admit that HMRC had managed to achieve the largest-ever loss of personal data on some 25 million people in 7.5 million families. That Statement, dreadful as it was, was not the whole truth. It said that the release of data was carried out by,

“a junior official in HMRC”.—[Official Report, Commons, 20/11/07; col. 1101.]

But we now know that the junior official was a manager among the top 4 per cent of staff in grade terms in HMRC. Furthermore, an even more senior person, the child benefit process owner, was well aware of the fact that unencrypted personal data were being supplied in industrial quantities to the NAO.

The Chancellor also said that he had delayed informing the public and Parliament about the data loss because the banks,

“were adamant that they wanted as much time as possible to prepare”.—[Official Report, Commons, 20/11/07; col. 1102.]

The British Bankers’ Association immediately issued a press release to say that it had not been asking for a delay. While the Chancellor admitted to some other major lapses in data security this year, he did not own up to all of them. He did not say that there were 2,111 security breaches a year at HMRC. He did not spell out that the lost discs contained data that were not encrypted or that encryption was not a routine HMRC procedure.

We looked forward to learning more today in the interim report of Mr Poynter, but were disappointed at the lack of hard facts. Is Mr Poynter working alone or is he allowed some support? Will the Minister say how much this review has cost to date and what it is estimated to cost in total?

The big question for us is whether the failings at HMRC were systemic. The Chancellor has said that they were not, but Mr Dave Hartnett, the acting chairman of HMRC, when he gave evidence to the Treasury Select Committee in another place, said that the failings may well be systemic. Indeed it is difficult to find any explanation other than systemic failure to account for the fact that the letters sent out after the event also revealed personal information and not all were correctly addressed.

We continue to have the gravest concerns about the culture of HMRC. It was created at the behest of the Prime Minister when he was Chancellor to generate cost savings. We warned at the time of the Commissioners for Revenue and Customs Bill about the difficulties of such a large merger and were unconvinced by the responses.

The published e-mail exchanges between the HMRC official who released the information and the NAO are informative. The NAO had pointed out that it did not need the quantity of data that was actually sent and asked for a smaller, non-confidential data set. The HMRC man replied:

“I must stress we must make use of the data we hold and not over burden the business by asking them to run additional scans/filters that may incur a cost to the department”.

The assessment and collection of taxes is not a business. HMRC’s language does not acknowledge that tax assessment and collection is a public service; and with that may go a lack of awareness of the obligations that go with public service. In addition, I believe that it has subsequently been established that the cost referred to was about £5,000. What kind of organisation puts the security of data about 25 million people at risk for £5,000?

The HMRC capability review is also published today and not before time. It talks, as does the Poynter review, about setting up a simpler structure with clearer accountability. It is full of management-speak—performance management, strategic frameworks, customers and process improvement—but there is nothing about public service. Is the Minister sure there is no issue of culture to address? Structures are fairly easy to deal with, but changing culture is infinitely harder and change cannot start until the problem has been recognised.

The Chancellor appointed Sir David Varney as the first chairman of HMRC. He was a businessman with a sound reputation in the commercial world. He set up the structures that are now to be changed. He had already left when the data loss disaster struck and his successor appeared to pay the price of failure. I say “appeared” to pay because Mr Paul Gray may have resigned as chairman of HMRC but he is still being paid in full somewhere in the Cabinet Office. Meanwhile Mr Varney is now the Prime Minister's adviser on transformational government. God help the rest of government from being transformed like HMRC.

It remains a fact that the discs have not been found despite a huge police exercise to find them. Will the Minister say how much the police exercise has cost to date? The Information Commissioner has made it clear that he wants far greater powers to help him to enforce high data-protection standards. Our Data Protection Act does not even give the Information Commissioner full power to pursue issues in contravention of EU law and the structure of offences is weak. The Information Commissioner is being fobbed off with a non-statutory ability to carry out spot checks on government departments, which is simply not good enough.

The interim report on data-handling procedures in government also released today holds out the prospect of new sanctions but in the same breath says that this has to ensure sensible data-sharing practices. When are the Government going to see that they have already gone too far? For good reason public opinion has shifted sharply against national identity cards and the related register. The Government must now put data security above all else or they will forfeit public trust. This Statement and its accompanying flimsy documents are no more than a smokescreen. We have learnt little that is new and some big questions remain unanswered. The Minister said that Mr Poynter would be reporting in the first half of next year. Would he give a little more precision about when he can return to the Dispatch Box to give us some answers?

My Lords, I thank the Minister for repeating the Chancellor’s Statement. I agree with the noble Baroness, Lady Noakes, that he must be extremely grateful that this is the last time this year that he has to appear before your Lordships’ House to make such a Statement. I am sure all noble Lords would want to wish the Minister a happy and relaxing Christmas in view of his recent exertions and a relatively disaster-free new year, although on recent evidence I am not sure that he can necessarily look forward to that. As well as the issue we are debating today—and we have been spared this in your Lordships’ House—a Statement is being made in another place at 5.30 pm about the almost laughable further misplacing of information by the DVLA. There are two sequential Statements in Parliament today about the loss of data held by government. I doubt whether this has ever been the case before. We certainly have no cause to believe that this endemic failure is being resolved by Mr Poynter’s review or anything else.

If there is one lesson which jumps out from all the evidence we have seen about the incompetence of the Government in this area, it is that there is no way that they should now be proceeding with even more centralisation of valuable personal data, whether it be for a compulsory ID card scheme, the DNA database or the NHS case records system.

The Government are basing their defence of their behaviour here on the distinction between systemic failure, which is the fault of Ministers, and procedural failure, which is the fault of officials. Needless to say, they have come down on the side of this being a procedural rather than a systemic failure. However, is it not the case that in recent years pressure within Whitehall, happily supported by Ministers, has been for ever greater information-sharing across government, whatever the confidentiality problems? A generation ago, when I worked at Customs and Excise, we were not allowed to share information with the Inland Revenue on the basis of taxpayer confidentiality. Arguably, that went too far in one direction but, equally, I think that very few people could now doubt that the pendulum has swung too far the other way.

The noble Baroness, Lady Noakes, referred to the work that Sir David Varney is undertaking on so-called transformational government. This seems to mean removing barriers to information-sharing within the public sector, the practical consequence of which could be to magnify many times the damage done by information losses of the kind experienced by HMRC. Will the Government now ask Sir David to pause and think further about whether government and the country are ready for further transformation along the lines of the recent disasters?

On the specifics, HMRC has now apparently agreed which data are to be encrypted and which are not and it has also agreed to a clear procedure for ensuring that that is done. In that regard, can we be assured that the Government have sought and gained the support of the big computer companies which dominate the operation of IT in HMRC and other departments? On that subject, and to return to something that I raised when we debated these issues earlier, surely it is now imperative that the gateway reviews on the external use of IT companies are published. Can the Minister confirm that the Government will no longer block in the courts publication of these reviews?

Can the noble Lord also explain why Ministers have been blocking reasonable questions about security within government? Why, for example, have the Government refused to answer simple factual questions raised by my colleague in another place, the honourable Member for Falmouth and Camborne, about whether departments have existing protocols governing data exchange within and between government departments and agencies such as HMRC? The obfuscation leads to the obvious conclusion that they have no such protocols and are trying to conceal the fact. Can he put pressure on the Cabinet Office to release any such protocols?

Two minor but irritating issues have arisen in recent days. Can the Minister explain why the helpline for families who are worrying about HMRC data losses is on an 0845 number? The misuse of 0845 numbers as a revenue source for government departments has been a growing scandal to which there has been no satisfactory response. It is highly unsatisfactory that an 0845 number is being used in this case.

Finally, is the Minister aware that the many millions of letters which were sent out apologising for the loss of personal data themselves unnecessarily included a great amount of personal data, including national insurance numbers? As, according to the Courts Service, 8 per cent of all official letters go astray, are not the Government just compounding the error of their earlier disaster with another initiative which uses personal data needlessly and in a way that could lead to their misuse?

This is another sad Statement by the Government. So far, the Poynter review has not answered the questions that we need to be answered before we and, more importantly, the public can feel satisfied that personal, confidential information is being dealt with acceptably by the Government. Together with the noble Baroness, I ask the Minister when we can expect, if not a satisfactory conclusion, at least a conclusion to the Poynter review.

My Lords, I am grateful to both noble Lords for their contributions and for their seasonal good wishes, which I reciprocate in the terms in which they presented them to me. I hope they recover from their trials and tribulations ready for next year.

With regard to the interim review, Poynter confirms that what the Chancellor said in his Statement to the House was entirely accurate with the data then available. There have been subsequent developments, but there is no question of any challenge to the Chancellor’s good faith in presenting to the House with total accuracy all the information that he had available at the time. Poynter is looking at how to improve security using encryption and other strategies. It will be recognised that HMRC took action immediately to ensure that restrictions were in place. The Poynter report emphasises that he entirely agrees with the prompt way in which the department acted and with the measures that it has taken.

The noble Baroness said that the new acting head seemed to indicate that the errors were systemic. Noble Lords who have been before Select Committees in the other place will know that challenging questions are presented and responses are given in good faith. If we look at the context in which Mr Hartnett was responding to those questions, it is clear that he had an open position on whether the errors were systemic. He did not know at that time. He was all too well aware that that is exactly the kind of issue that the Poynter report is meant to identify and which it is in the process of identifying. Mr Hartnett was not ruling anything in or out. How could he when we still awaited a full investigation of what had gone on?

The noble Baroness asked me to identify the costs of the process. I cannot do that at this stage. This is an interim report supported by a sophisticated level of efficiency, as the noble Baroness would wish. The costs involved will become clear when the final report is due, but no one would expect that at this interim stage we can identify the costs involved in this exercise. An element of cost that we can discuss is whether the culture of the department has changed significantly. It is somewhat striking that the party opposite suggests that it has never dreamed of anything that bears down on costs, improves efficiency or introduces new managerial techniques into the Civil Service and that as far as it is concerned this is a wilful Government who pursue aims that it does not follow. That party is for ever berating this Government on the costs of government and emphasising the excessive degree of red tape, which it regards as excessive bureaucracy, yet when we make a strategic change to a major department—a change that is now being reviewed by the Cabinet review which can see no evidence that there was a loss of efficiency through the merging of the departments—it suggests that somehow the Government are at fault. I entirely refute that proposition.

It is important that we recognise that there was a significant failure, for which due apology has been made. Lessons have to be learnt from it and those lessons have to be acted on. Poynter identified that in the most important part of the interim report. If the noble Baroness can contain her impatience until after Christmas, in due course we will get a full report from that highly qualified individual, who will give the Government the best advice from a full analysis of what went wrong. Far from it being a smokescreen, as the noble Baroness indicated, it would be absurd to suggest that in the space of three weeks Poynter could have analysed fully what went wrong in the department and have provided a full account of what needs to be done in the future. Of course the report is significant, not least because Poynter has been working against a background of an intensive police investigation. Indeed, not even the police have been able to conclude their inquiries at this stage, such is the complexity of the issue.

I want to emphasise in response to the noble Baroness that in his previous Statement the Chancellor presented the full facts as he knew them, that the department acted immediately to repair the damage regarding its procedures in such a way that the interim report from Kieran Poynter can confirm the efficacy of its actions, and that Poynter is involved in a systematic analysis of the department so that we will learn the full extent of changes that need to be effected.

On the question of the wider review, of course it covers all government departments. The review will come to fruition in the new year. The noble Baroness asked about Cabinet Office protocols. I cannot comment on those at this stage, but I can undertake in due course to give a full description and analysis of the published report. At that point this House will have an opportunity to comment on it.

The noble Lord, Lord Newby, said that certain lessons had to be learnt. It is the case that we have to look at the relationship between the Government and the big computer companies, as he put it, with which we make arrangements. The noble Lord indicated that in the past he had witnessed a limited exchange of information, but we are in a new era. In order to provide effective government, it is necessary for departments to talk to each other about problems that are frequently referred to in this House as being cross-government in nature and thus in need of that level of co-operation. However, it is absolutely essential that such cross-government activity has to be secure, and that is what the major report will address its investigations into. It will look at the efficacy of government with a heightened emphasis on the security of cross-government information in the wake of this most unfortunate development at HMRC.

The noble Lord also mentioned the problems surrounding communications with the general public through 0845 numbers. In the light of these difficulties, when the department does correspond with anyone directly affected by them, it is absolutely incumbent on officials that they guarantee that the reader and recipient of the letter is the person to whom it is addressed. Given that, of course such a letter will have a little more than just an initial and the surname of the person to whom it is addressed. It is bound to carry some additional information in order to make sure that the communication is delivered correctly. I hear what the noble Lord says, but noble Lords will recognise that this is a misadventure which has caused the Government a great deal of concern and grief. This is nothing more than the product of the need to provide interaction between departments at a much higher level than in the past. Further, the amount of information which a government now inevitably compile is much greater than in the past as a result of the expectations of our citizenry. It will therefore be appreciated that it is important to look at the Poynter report and the further investigation into the wider issues of government in order to identify clearly the constructive road ahead.

My Lords, I am grateful to the Minister for repeating the Statement. When this issue first came to light in early November I tabled a number of Questions for Written Answer. The Minister kindly replied to them last week. In doing so, he jumbled the five Questions together in one Answer. On looking at it, it was quite clear why that had happened—the reply failed to answer the two crucial questions that I had sought to ask. First, I asked how many discs had been lost. I received no reply to that in the Minister’s Written Answer. Secondly, I asked whether all the discs that had been lost were encrypted. I think I received an answer saying that they were but, in the light of what one has read and heard, I wonder whether that statement is accurate. Will the Minister go back to his department and check that he has not been given misleading information?

It is beholden on the Treasury and its Ministers to answer questions properly. I know that the Minister will agree with me and I am sorry that he has been let down by his colleagues. Will he press on his colleagues the need to give adequate answers to the questions I have asked and remind them that they are answerable to Parliament?

My Lords, of course Ministers are answerable to Parliament. I am grateful that the noble Viscount expressed the point in such a courteous way. He will appreciate that in circumstances where we had both a police investigation going on and an interim report being prepared for presentation to another place today, in answering his questions earlier in the week I was necessarily circumscribed in the information I could give until the interim report had been published.

I entirely subscribe to his viewpoint. It is an obligation on the Government to answer questions as clearly and as accurately as possible. The Treasury has an excellent record in this regard; it is one of the promptest departments in responding to Questions. I shall try to keep my side of the bargain in terms of prompt Answers, but there are times when we are somewhat circumscribed by other inquiries going on. The noble Viscount was asking questions which were clearly identified within the areas of the report and he will appreciate that we needed today’s announcement of the interim report before I could respond to him fully.

My Lords, we have been told before that the data were encrypted. That brings me to the heart of what the affair is all about—encryption. My question is very simple: will the encryption methods planned for use in departments in the future be tested by those who specialise in breaking encrypted data? It is one thing to lose a disc, but it is another thing completely to lose the encrypted data on that disc.

My Lords, my noble friend raises an important and difficult issue. He will have learnt that the immediate emergency measures taken by HMRC have been to introduce a plethora of passwords for entry into any one area of information. I cannot be absolutely categoric in response at this stage. I expect the report which analyses these issues will provide indications on how security can be guaranteed. I emphasise to my noble friend that his anxiety has been recognised and acted on.

My Lords, the Minister has understandably emphasised on several occasions the complexity of the situation. Perhaps I may try to make his life easier by asking two simple questions. The first question is for a number and the second question is for an undertaking. If his briefing does not enable him to produce the number, can he ensure that it is put in the Library before the House rises tomorrow; and can he at least take the undertaking I am asking for back to his colleagues and report to the House early in the New Year?

The number I would like to ask the Minister for is the number of occasions during 2007 to date on which, in total, government departments or agencies have had to report to the Information Commissioner the loss or corruption of or danger to information.

The undertaking I would like to ask him for is that the Government will, from next year, make a ministerial Statement in writing—published in the Hansard of both Houses, weekly to start with, so we can see how we get on, and if the figures justify it we could then go to monthly—about every time that something is reported to the Information Commissioner, giving which department or agency has reported it, what is the information lost or corrupted and the circumstances in which that happened.

My Lords, I am grateful to the noble Lord for the qualification that he edges into on that information—namely, that communicated to the Information Commissioner—which at least identifies that he is concerned about areas of real security that are of concern to Government. We all recognise that in vast, complex organisations bits and pieces between two individuals can go astray. That ought not to occasion a great deal of alarm—but he said “to the Information Commissioner”.

I cannot undertake to deliver that information to the noble Lord before the House rises tomorrow but, clearly, he wants that information as soon as possible. I will attend to that and seek to see the extent to which we can cover all that information given to the Information Commissioner.

My Lords, I first declare a small interest. Once upon a time, I was the Minister responsible for Customs and Excise, answerable for it to the House of Commons. It was a privilege to hold that office.

In the context of a series of unfortunate lapses after the translation of two revenue departments into one, does the Minister recognise that the two prior departments, while admirable in their individual discharge of different functions, had very different historical and internal cultures? A merger phenomenon such as that is regarded in the private sector as requiring particularly sensitive management.

My Lords, that is true, but Government are there to provide sensitive management and to be challenged if there is a management failure. Clearly, with the loss of those discs, there has been a failure, as acknowledged by the Government.

On the more general issues, the overarching report to which I made reference—conducted under the auspices of the Cabinet Secretary—commented in April of this year on the extent to which the two departments had produced a successful merger and how, in crucial areas, they were working with greater efficiency and to a high level of purpose. No one is going to say that departments settle down in a matter of months after a merger—the noble Lord would be the first to recognise that. There was nothing in the April analysis of the department, which was looked at carefully because of the merger, that indicated that the challenging aspect of the bringing together of two departments with different cultures was proceeding other than satisfactorily.