The damning admission that sensitive data on every family with children in the country, including bank account details, National Insurance numbers and the names and dates of birth of their children, is missing and available potentially to criminals is unprecedented. The possibility of 25 million people at risk of serious identity fraud, because so many people use middle names or children's names as passwords raises worrying general questions about the safety of personal information and particular ones about the way HM Revenue and Customs (HMRC) operates and the Treasury's responsibility for that operation. Yesterday Paul Gray, the chairman of HMRC (in practice, its chief executive), resigned and was praised from all sides as an honourable man.
HMRC, created in 2004 by a merger of Inland Revenue and Customs and Excise, under the aegis of the then Chancellor, Gordon Brown, although run by an executive board is answerable to parliament through the Chancellor of the Exchequer. It was thus that Alistair Darling found himself responsible for its operational workings. The merger resulted in 25,000 job losses and a vital question will be whether pressure on the department was a factor in this catastrophic breach of procedures. To that end, the inquiries by the Independent Police Complaints Commission (IPCC), which monitors HMRC, as well as by the Metropolitan Police, announced by Mr Darling are welcome. They must examine every part of the organisation from policy to the most mundane practice.
Every taxpayer in the country must be confident that the information it holds is secure or conclude with Vince Cable, acting leader of the Liberal Democrats, that the Treasury has replaced the Home Office as the government department "not fit for purpose". Inevitably, there are calls for the Chancellor, already beleaguered by the fall-out from Northern Rock, to resign. Despite the extreme gravity of this situation, it is arguable that it is one of those random human errors that can happen on anyone's watch. If he is given the benefit of the doubt on that score, his future will depend on his handling of the crisis. There is concern about the delay in making the loss public, but Mr Darling said the banks had asked for time to put monitoring systems in place. Although it will be reassuring for people whose details have been lost that they are flagging up accounts which receive child benefit payments, many would like to have been alerted sooner.
The breathtaking incompetence of a system by which a relatively junior civil servant could download sensitive material to discs and send them as unregistered post immediately and properly prompted questions about the security of the proposed national identity cards and a central database of NHS patient records. The government suggests the biometric material that will be a component of identity cards will make them much less susceptible to fraud and that much newer technology will provide a safeguard for the patient-record database. Nevertheless, this experience will deepen the anxiety ordinary people feel about the storage of personal data required by these measures. Both should be re-examined carefully in the light of the lessons to be drawn from this calamitous failure of procedure.
Mr Darling must now ensure the investigations he has instigated discover exactly how things went so wrong and that the procedures are made failsafe, but unless he fulfils George Osborne's advice to "get a grip" and does so fast, he is fatally wounded. It is not enough to say: "This must never happen again"; new technological and procedural systems must make that impossible. In this instance, the buck stops with the Chancellor.
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereComments are closed on this article