Acting HMRC boss comes clean

HMRC acting head Dave Hartnett has admitted that the 25 million record data loss via two missing CDs may well be systemic. At last, the emperor's lack of clothes is being acknowledged.

As well as the missing CDs sent to Standard Life and the NAO there have been, he said, five other security breaches since 2005.

This could, he said, represent a 'systemic failure'. Dave, Dave, come on, go the whole hog. No 'could be'; it is systemic failure and you know it. HMRC (and probably other government departments like DWP) has been sending CDs full of confidential identity information around the country using ordinary courier services and in an unencrypted state as a matter of course for years.

Everyone with any common sense knows it and, unless you have a head filled with polyurethane foam bubbles, you know it too.

We know what he answer is and so do you: encrypt everything leaving your secured premises and use secure networks in preference to CD transfer. The only question is how much it's going to cost. Millions of pounds, of course.

Hartnett was presenting evidence to the Treasury select committee yesterday. The candidate for scapegoating, otherwise known as the Washington-based junior official, is now safe unless there are obsessional idiots in the HMRC HR and senior management ranks. Given that there are apparent idiots in charge of IT (Deepak Singh) and finance (Stuart Cruikshank) we can't be too sure.

It was Singh's department which stored the data, extended access to everybody and their pet dog, and let data be burnt onto CDs and scattered around the country like confetti. If he is not responsible for the security of this data in HMRC then who is?

Worse still, this dysfunctional HMRC was the result of a Gordon Brown-inspired merger of HM Custom and the Inland Revenue. He then told the organisation to lose thousands of jobs, live on a smaller budget and improve services.

Its bosses were not up to this impossible task and so the Prime Minister's baby has thrown millions of people's identities out of its pram and the head nanny, Paul Gray, resigned when this became public.

Hartnett told the committee: "We set out in 2006 to learn lessons in relation to security and to tighten things up." Naturally somebody might have mentioned encryption then but the likely £20 million or so cost would have ruled it out because there would be no extra money forthcoming from the clueless Chancellor and money couldn't be diverted from other HMRC projects because service was being improved.

Related news

A grateful government has given supposedly disgraced ex-HMRC nanny Paul Gray a new job just a week or two after he fell on his sword, meaning suffered no disgrace at all, for protecting the chancellor and taking the rap for the HMRC blunder. He instantly became Darling's darling and can look forward to a long and prosperous period as a well-heeled member of the great and the good.

There is now a £20,000 reward for finding the two missing NAO CDs.

The identities of protected witnesses from criminal trials were included in the lost data.

This story, "Acting HMRC boss comes clean" was originally published by


Copyright © 2007 IDG Communications, Inc.

Shop Tech Products at Amazon