Previous Section Index Home Page

Nigel Griffiths (Edinburgh, South) (Lab): Although the Chancellor has said that the information should never have left the building and, indeed, that it was
20 Nov 2007 : Column 1114
security protected, will his review look at ensuring that the highest level of security protection is now applied to all appropriate sensitive data?

Mr. Darling: Yes, we must do that. As I said a moment or two ago, if sensitive information is to be taken out of a building, it must be transmitted as securely as possible. I suspect that there will be a number of different ways of doing that, but it is critically important and it is what the public expect.

Richard Younger-Ross (Teignbridge) (LD): Is the Chancellor aware that security codes and passwords can be broken? The Apple iPhone code was broken within a day of its launch in the UK. Considering the ability of criminals to breach codes and passwords, what advice has he received from the Metropolitan police about the likelihood of identity fraud if the data should fall into the wrong hands?

Mr. Darling: I agree that we need to make sure that as much security as possible is attached to any transfer of information. Part of the purpose of Sir John Bourn’s review is to consider, for example, how many cases need to be seen when carrying out perfectly legitimate audit requirements and what information he actually needs to see. Sir John will want to consider those points and discuss them with HMRC and other Departments. In relation to HMRC, if information is requested, consideration has to be given, as already required by the guidelines, as to whether an auditor should be invited to look at the information in the place where it is held or, if it is sent, what precautions should be attached—whether encryption, password protection or whatever. I understand that all those things are provided for under existing requirements, but what happened in this case was that the existing procedures were not followed at each and every stage.

Mr. Geoffrey Robinson (Coventry, North-West) (Lab): Is the Chancellor aware that the whole House is, naturally, seized of the gravity of the breaches in procedure that have taken place, but recognises, equally, that he in his office has acted with great dispatch and decisiveness in dealing with this difficult situation? May I associate myself with his tribute to Paul Gray, whom I knew when at the Treasury? He is a civil servant of distinction, but his resignation was necessary in the circumstances, as he readily saw. In involving the police, the Chancellor clearly did the right thing and acted immediately in that respect—a similar thing is true of looking at the systems. May I put a point to him on the question of the transmission of data? However we transmit data, somebody has to take the decision. With information of this kind, should not two or three levels of officials—going, where necessary to the very top—have to be involved?

Mr. Darling: I agree with my hon. Friend’s remarks concerning Paul Gray. I also agree with what my hon. Friend said about the transmission of this type of information. Revenue and Customs has now put in place procedures that require access and transfer to be approved at the very highest level of the organisation. It is quite clear from what has happened that that needs to be applied in the future as well. It cannot be left to someone at a junior level in the organisation to decide
20 Nov 2007 : Column 1115
whether information, especially information of this nature, should be downloaded—and then, in this case, posted in a way that was totally insecure.

Mr. Andrew Robathan (Blaby) (Con): The Chancellor has given my right hon. Friend the Member for Hitchin and Harpenden (Mr. Lilley) and my hon. Friend the Member for Harwich (Mr. Carswell) reassurances that any personal information stored for ID cards will be safe. However, after this astonishing display of incompetence, why would anybody have any faith in the Government or trust them to be able to keep personal information secure?

Mr. Darling: For the reason that ID cards match up biometric information with the information that is held, so that the person holding the information knows that the person asking for it is legally entitled to it. That is the difference between many other systems, which do not have that biometric lock, and the ID card system, which would have that biometric lock. It seems to me that that would give me and the hon. Gentleman, as individuals, far more protection than there is at the moment.

Helen Jones (Warrington, North) (Lab): The Chancellor acted promptly to ensure that the banks had systems in place to deal with the matter before it became public. However, he will be more aware than any of us that, now the matter is in the public domain, all sorts of people will try to work various scams through the internet and by telephoning people, claiming to be acting on behalf of the banks, to get personal information. What discussions has he had on alerting members of the public—some of whom may be in very vulnerable positions—to that possibility, to ensure that they do not give out personal information in response to those sorts of request?

Mr. Darling: My hon. Friend raises a perfectly good point. I said in my statement that people should be very wary if they receive unexpected phone calls or e-mails asking them for personal information. As I think we are all aware, that can happen anyway, but that is especially the case at present. Revenue and Customs is writing to all recipients of child benefit to explain what has happened, to set out what people need to do and to assure them that they will get their child benefit payments in the normal way. The letter says that if people do receive any unusual requests, they should decline to give the information until they are absolutely sure that the request is coming from the right place.

Stewart Hosie (Dundee, East) (SNP): This was a catastrophic loss of security and a fundamental breach of trust—so much so that Paul Gray resigned, which is honourable. I am concerned that the error made in March was fundamentally allowed to be replicated in October. I am concerned that the lost data, sent on 18 October, were not reported to the police until 14 November. However, I am most concerned about the system failure, including as regards the implementation of guidelines, which allowed a junior official to copy the entire child benefit database on to a disc and post it, unregistered, to anyone. The
20 Nov 2007 : Column 1116
Chancellor said that he will work with the Treasury Committee—I have spoken to its Chair—and I hope that when he does he will raise the matter of process quickly, particularly the process whereby procedures are put in place to ensure that there is ministerial oversight and sign-off of all security matters—

Mr. Speaker: Order. I call the Chancellor.

Mr. Darling: The procedures were there. I am not saying that they cannot be improved; indeed, I am sure that they can be improved. As I understand it, the problem was that the people concerned did not follow the procedures. That is why we have the problems that we do. The senior management of HMRC are making sure that there are very clear instructions and that tighter procedures are in place. The reason that I asked Kieran Poynter to carry out his investigation and to provide me with an interim report next month is that improvements are necessary; that is beyond doubt, and I entirely agree with the premise underlying the hon. Gentleman’s question.

Paul Farrelly (Newcastle-under-Lyme) (Lab): I, too, commend the Chancellor for his prompt and candid statement. I echo the sentiments of my hon. Friends the Members for High Peak (Tom Levitt) and for Warrington, North (Helen Jones) about the responsible way in which he allowed the banking sector time to prepare. May I ask my right hon. Friend, before the press do, who is bearing the cost of flagging the accounts and analysing transactions within the industry?

Mr. Darling: The banks have put in place those procedures; they have them. There have been data losses from time to time, so that is something that they are concerned with at the moment. We will continue to discuss with the banks what is necessary to safeguard people’s interests in future.

Mr. David Heathcoat-Amory (Wells) (Con): What other organisations or agencies connected with central or local government are in receipt of, or have access to, any personal tax or benefit data held by Revenue and Customs?

Mr. Darling: All tax records will be the responsibility of HMRC, but there are procedures that lay down access to, or exchange of, information. That is governed by primary legislation in many cases, and by the Data Protection Act 1998, which has clear instructions on what can and cannot be done. There are also internal procedures. The inquiries that I announced today will look at those things. We need to make sure, first, that they are adequate to the task, and secondly—and equally important—that procedures are followed to the letter.

Anne Snelgrove (South Swindon) (Lab): It is clear that my right hon. Friend has struck a good balance between giving banks, building societies and the police time to do their work and informing the House. I welcome the appointment of Kieran Poynter to look into HMRC’s processes. What is being done to ensure that our constituents’ details are kept safe until the report is presented?

20 Nov 2007 : Column 1117

Mr. Darling: First, as I have said on a number of occasions this afternoon, there is no evidence that the information has fallen into the wrong hands, and the searches for it will continue. I set out the procedure and processes that have been followed by the banks in relation to flagging accounts. I have also said that Revenue and Customs has put in place a very tight regime that will prevent information from being downloaded or transmitted without its being signed off at a very senior level. I hope that both those measures will provide some reassurance in what is clearly a very difficult situation.

Mr. Michael Fallon (Sevenoaks) (Con): Another day, another incompetence. If the Chancellor knew on 10 November, can he tell the House on which date he alerted the banks, and why he dithered for four days before calling in the police?

Mr. Darling: I am not sure whether the hon. Gentleman was present during my statement. I said that on 10 November, when I was told about the matter, I immediately asked that there be a thorough search. That search was carried out by trained Customs officials who are used to looking for missing items. I was told on the Monday that people were optimistic that we would be able to find the package, but by Wednesday it was clear that that would not happen. That is when the Metropolitan police were called in. At the same time—this is an important matter—I was acutely conscious that we had to give banks time to put in place sensible precautions before it became public knowledge that the information was out there. The banks said that they needed time to put in place proper defences and it would have been wrong of me to ignore that advice.

I also said in my statement that I discussed the matter with the Information Commissioner, who was clear about two things—that the information had to be made public, but only after we had had an opportunity to talk to the banks and put in place such protective measures as were appropriate and could be put in place. I believe that I struck the right balance between a duty to tell the House what had happened, and a general duty to protect the public interest as much as I possibly could.

20 Nov 2007 : Column 1118

Mr. Mike Hall (Weaver Vale) (Lab): I welcome my right hon. Friend’s statement about a matter which is a serious breach of the Data Protection Act. May I press him on the role of the National Audit Office? What I would like to see come out of the inquiry is the nature of the information that it requested, whether that request was compliant with the Freedom of Information Act and the Data Protection Act, and at what level the decisions were taken. There is always a responsibility on the people requesting information to be sure that they are legally entitled to have the information that they have asked for.

Mr. Darling: That is something that we need to establish. As I said in reply to a question from the Chairman of the Public Accounts Committee, the hon. Member for Gainsborough (Mr. Leigh), we need to establish who was involved at the NAO and HMRC, at what level, what they were asked for and how that request was responded to. One of the things that Sir John Bourn wants to examine is the nature of information that is asked for in future, as well as the handling of those requests and of the information if it is to be made available. It is entirely sensible that we should do that.

Peter Viggers (Gosport) (Con): It is appropriate that the Prime Minister should be present, because the whole tax credit system is a product of his over-fertile brain. We have long known through constituency experience that the situation is irredeemably complicated, but the present circumstances have shown us that it is also unduly intrusive. Will the Chancellor of the Exchequer undertake to look at the system again from first principles?

Mr. Darling: The matter does not concern the child tax credit. It concerns child benefit, which is a different benefit. I should have thought that the hon. Gentleman knew that.

Several hon. Members rose

Mr. Speaker: Order.

20 Nov 2007 : Column 1119

Points of Order

4.32 pm

Daniel Kawczynski (Shrewsbury and Atcham) (Con): On a point of order, Mr. Speaker. I have been working for a considerable time with representatives of Shrewsbury borough council to ensure that the brave servicemen and women from Shropshire who have served in Iraq and Afghanistan are given an appropriate civic reception to honour their bravery. Today we have been informed by media operations staff at the Ministry of Defence that they will not allow those service personnel to come to the civic reception which I am organising on 29 November because they claim that, as an MP, I am a politician and it would therefore be a political event. I find that disgraceful. We as Members of Parliament must do everything possible to ensure that our brave servicemen and women are recognised for what they have done. Would you please ensure that a Minister comes to the House and gives proper guidance in the matter?

Mr. Speaker: That is not a point of order, but I will tell the hon. Gentleman how I would do it. Get the Lord Mayor—in Glasgow it would be the Lord Provost—to run the civic reception. That makes it non-political and, of course, a local Member of Parliament can be there to welcome the troops back. That would be the way to do it. It was not a point of order. I am just giving the hon. Gentleman a bit of advice.

Philip Davies (Shipley) (Con): On a point of order, Mr. Speaker. During the statement that we have just heard from the Chancellor, no mention was made of the potential threat to child protection—

Mr. Speaker: Order. I will not extend a statement that has been made. I am sorry that I did not call the hon. Gentleman, but that’s the way the cookie crumbles, as they say in America.

20 Nov 2007 : Column 1120

Orders of the Day

Channel Tunnel Rail Link (Supplementary Provisions) Bill

Order for Second Reading read.

4.34 pm

The Parliamentary Under-Secretary of State for Transport (Mr. Tom Harris): I beg to move, That the Bill be now read a Second time.

The channel tunnel rail link, or High Speed 1, is now open—on time and on budget. Passengers can now travel the 68 miles from St. Pancras to the tunnel at speeds of up to 186 mph. The journey from London to Paris can be made in two hours 15 minutes, and the one from London to Brussels in one hour 51 minutes.

From December 2009, domestic journey times will be slashed for commuters living in Kent, with the arrival of a new fleet of trains. London and Continental Railways, or LCR—the company that built the rail link—estimates that the project will generate an additional £10 billion of private sector regeneration investment along its route. Management of construction has been a tremendous success. In part, that is down to the structure in place: the corporate and contracting structures and the roles played by all stakeholders—LCR, the Government and a range of other partners. However, managing a construction project is not the same as managing a railway. The Bill makes a small number of changes to support a restructuring and make sure that the future structure is as effective as the existing one.

In 1996, London and Continental Railways won a contract to design, build and finance the channel tunnel rail link. That, however, was only the beginning of the story. The fact that the line runs from Kent to St. Pancras today is in no small part thanks to the efforts of Michael, now Lord, Heseltine. His focus on regeneration led to the rerouting of the original alignment under south London and enabled St. Pancras station to become the monument to British engineering that it now is.

In 1996, LCR and the Government signed a number of deals, of which the most important is the development agreement; LCR acquired not only the UK arm of the Eurostar joint venture, but brownfield development land around King’s Cross and Stratford. The first part of High Speed 1 opened in 2003 and the second section opened last week. The 1996 financing plan was to borrow against Eurostar revenues; it soon became clear, however, that those revenues would not give lenders enough security.

Unwilling to see the project fail, my right hon. Friend the Member for Kingston upon Hull, East (Mr. Prescott), then Deputy Prime Minister and Secretary of State for the Environment, Transport and the Regions, led a rescue bid in 1998. That comprehensive restructuring exercise secured the project’s future; without my right hon. Friend’s intervention we would not have celebrated the opening of St. Pancras earlier this month. My right hon. Friend’s role was pivotal. Without his efforts, it is clear that High Speed 1 could not have been built. It stands today as an outstanding legacy to his political career. I hope that the House will recognise his achievement.

Next Section Index Home Page