Viewpoint: Data fiasco is a shameful lesson
Published 22/11/2007 | 08:29
How safe can anyone be from identity fraud, now that Revenue and Customs has lost the personal details of 25 million parents and children, including half a million in Northern Ireland? Frankly, it is impossible to know, as long as two missing CDs cannot be traced.
The Government may ask people not to panic, since there is no evidence the information is in criminal hands. Even if it is, there is a guarantee that any money that is lost will be reimbursed - by the banking system first and then by the taxpayer. Yet people are rightly worried by the story of incompetence, undermining confidence in the Government's ability to manage their affairs.
Letters will be sent to everyone involved, trying to give reassurance, but the scale of the blunder is so great and the possible consequences so huge that the Government's reputation may take years to recover. All over Northern Ireland, parents are spending precious time and money checking accounts and changing passwords, because a junior clerk - who may have had inadequate training - sent off CDs which had not been encrypted, using a courier service which lost them. No wonder people are angry, as well as fearful.
The £200,000-a-year chairman of HMRC, Paul Gray, has honourably resigned, as he had to, when details of this and other slip-ups emerged. An encrypted CD was lost in September, 41 laptops have been stolen in the past year and in May £5.8 billion was found to have been overpaid on tax credits. Without encryption, the CDs were - and are - wide open to fraudsters, for identity theft.
Hopefully, the hue and cry will result in the information losing its value, but the lessons from this shameful episode must be learned. Every government department and every company dealing in people's personal details must become much more informed and careful about the possibility of identity theft, just as individuals must do all they can to avoid being targeted. The internet is a boon - and experts say emailing the lost data, with encryption, would have been safer - but it is also a place with hidden dangers for the unwary.
There is good evidence to show that, despite its pre-eminence as a financial centre, the United Kingdom lags well behind other countries in its data protection laws and practices. If it acquired a reputation as a place where personal details were unsafe and where banks and building societies operated recklessly - like Northern Rock - and were given unlimited government protection, the consequences could be extremely serious.
One possible casualty of the CD fiasco could be Gordon Brown's pet project - a comprehensive ID card for every citizen, full of personal biometric data. After the HMRC debacle, who would feel safe from computer hackers?