UK Government Loses 15 Million Private Records

bestweasel writes "The BBC reports that a UK Government department has lost discs with details of 15 million benefit recipients, including names, addresses, date of birth and bank accounts. The head of the department involved, HM Revenue & Customs, has resigned and his resignation 'was accepted because discs had been transported in breach of rules governing data protection' so someone thinks it's not a trivial matter. The Chancellor will try to evade responsibility in the House of Commons at 3.30 GMT. A similar leak of a 'mere' 15,000 records from the same department happened a month or so ago. At that time, they refused to say 'on security grounds' whether the information was encrypted." We just recently talked about Britain's consideration of legal penalties for situations like this. I imagine this incident will weigh on that decision.

yeah, it'll weigh on them

[Nursie]

And the government will give itself a nice fat getout clause so that it's immune when it loses everyone's data, but any company or individual outside the government is in trouble.

Just watch and wait.

Re:25 million now...

[ilovegeorgebush]

Indeed. I was going to post the same thing. I'm absolutely shocked they could be so careless. Apparently, it was sent via normal post, without recorded delivery. There's a full summary from the BBC on Alistair Darling's announcement here [bbc.co.uk].

Of particular interest is the fact that it was sent twice. Once again, by recorded delivery, after the initial package was lost in transit.

Re:25 million now...

[Billosaur]

How can you be shocked? This is government we're talking about... doesn't matter the country. As soon as you give one group of people anywhere the power to run the whole show, they break down into three categories:

1. Power Brokers - the people who actually run things (and not necessarily having been elected to do so)
2. Bureaucrats - the paper pushers, who created the red tape that keeps anyone from actually know what's going on or where the money came from/went to
3. Grunts - the people who do the actual work, usually for very little money compared to 1) and 2), who will do things the way that's easiest, despite the rules

I think this mess happened due to 3):

"Contrary to all HMRC standing proceedures two password protected discs containing a full copy of HMRC's entire data in relation to the payment of child benefit was sent to the National Audit Office by HMRC's internal postal system operated by the courier TNT.

"The package was not recorded or registered."

Some guy/gal knew the data had to get out and couldn't be bothered to send it via courier or registered mail. Plopped the discs in an envelope, licked it, stamped it, and dumped it in the post.

Re:25 million now...

[cliffski]

half a billion? no way more. heres what vince cable had to say:

"As we stand at present, every taxpayer in Britain has something approaching £900 of their money at stake in this small mortgage bank following the £24 billion loan (which excludes the less controversial £18 billion in deposit guarantees).

When Tony Blair was Prime Minister he was widely and rightly criticised for squandering £800 million on the Millennium Dome. This Prime Minister and this Chancellor have invested the equivalent of 30 Millennium Domes in this bank and we don't even have a few pop concerts to show for it.

There are some key questions for the Government to answer:

Will the Government's loan will be paid back in full, with interest, in this Parliament?

Is it true that Mr. Adam Applegarth, who led the bank into its current disaster, can expect a £2 million pension pot and generous bonuses, all underwritten by the taxpayer? How did the Government get into a position of entrusting vast sums of taxpayers' money to a man who showed his own faith in the company by selling his own shares to invest in a country mansion and a Ferrari?

What is the true total figure? We know about £24 billion from media reports, but the Government has not come clean: it has refused to give a figure, refused to confirm the media reports and refused to say whether there are even more loans than those the media discovered."

Re:As someone who's worked in the public sector...

[jesterzog]

Thanks for pointing this out, which I entirely agree with. I also agree with the first response to your post, which is that it's like this all through the private sector, too. The difference is that government organisations actually have to be directly accountable to people sooner or later, and in that sense they have a much harder time. It's not really a surprise that a lot of people don't want to work for them.

Lately I've been doing IT work for a government department (in New Zealand in my case) which is actually run well. The entire government sector here was overhauled in the early 1980s with the Official Information Act, which has had at least one really good review [smh.com.au] from over the Tasman. The law says that anyone can request any information from any department at any time, and the department has to provide it within a specific timeframe (about twenty-something working days), or it'll get into a lot of trouble. The only exceptions are if the request is unreasonably complex, or if there's a good reason to withhold it (such as privacy, etc), in which case the department has to explain why it's withholding the info, and often convince an external auditor that it's justifiable to do so.

After 25 years of working with it, the whole government sector has adapted. We have a full time team of people which is specifically dedicated to receiving official information requests from the public and journalists, delegating them to appropriate managers or other staff, and then making sure the queries actually get answered appropriately.

Everyone knows they could be accountable at any time, any they take it seriously, and contrary to what it sounds like your experiences have been, the management actually supports the whole thing, which as an employee is very encouraging. It's not perfect and people do make mistakes, but the whole system does seem to be a lot more accountable than what I've heard of something like the US Federal Government, for instance.

Re:25 million now...

[Archtech]

"No, that would be Parliament".

True in theory. The facts of the matter are these:

1. The UK parliament consists of two houses: Commons and Lords. By constitutional convention, the Lords cannot block legislation agreed by the Commons; they can only delay it for a while and urge them to think it through.

2. Because the British constitution does not separate the legislature from the executive branch, the Prime Minister is the leader of the party with a majority in the Commons. That means that the Commons becomes a rubber stamp for whatever laws the PM wishes to pass. So the law to punish irresponsible data loss was passed by Parliament - true. But it was initiated by Gordon Brown, the PM, and his pals in the Cabinet; and once they decided they wanted it, nobody could stop it.

3. HMR&C is a government department mostly run by career civil servants. But it reports in to the Chancellor of the Exchequer, the government minister responsible for finance, who is the senior member of the Cabinet after the PM. Gordon Brown, the current PM, was Chancellor for the past ten years.

4. So, if you follow the threads of power and responsibility - yes, the loss of data is directly traceable to the same people who passed the law. But they have set up an impressive array of cut-outs and facades to give them every opportunity for "credible deniability".