| Previous Section | Index | Home Page |
Mr. Darling: I give way to the right hon. Member for Wokingham (Mr. Redwood).
Mr. Redwood: The Chancellor has already referred to one action that he has taken since this became news. What has he done in the past 18 days to change the systems in his Department?
Mr. Darling: I will come to that. I have already said that HMRC has changed its procedures for dealing with the bulk transfer of data. This is one of the reasons why I asked Kieran Poynter, coming as he does from a very large accountancy firm with a lot of experience in dealing with these sorts of problems, to make recommendations. As I said, it is important that we get the evidence and the facts so that we can learn from what has gone wrong and then proceed.
Mr. Darling: I will give way to the right hon. Member for Fylde (Mr. Jack), and then I am going to make some progress.
Mr. Michael Jack (Fylde) (Con): It is said that the request to remove the sensitive information from the lost discs was turned down on cost grounds. If that is correct, first, how much was the cost saving; and, secondly, how much will it cost to clear up the mess?
Mr. Darling: That, along with everything else, is part of the investigation being carried out by Kieran Poynter.
I want to deal specifically with the central argument made by the shadow Chancellor. In my statement to the House on 20 November, I set out the facts and circumstances known to me in relation to the missing personal data. That statement was accurate in every respect in accordance with the information that I had then and have today. I specifically said in my statement that the House would understand that because the investigation was continuing, I was not yet in a position to give a full account of what had happened. I did, as the House would expect, set out the information I had available, including that the discs appear to have been provided to the NAO by a junior official in both the March and the October incidents. But I said in the same statement that Revenue and Customs as a department had failed to meet the high standards that should be expected of it in discharging its responsibility to the general public, who entrust it with highly sensitive personal information. I also referred to other data security breaches. Far from it being a one-off, I referred to those other breaches by Revenue and Customs, including the loss of records by an external courier and the loss of a laptop and other material in the very recent past.
Mr. George Osborne: The Chancellor said, when he spoke to us last week, that it was down to a junior official in the HMRC. The e-mails that were then released by the National Audit Office and the covering letter from the assistant auditor-general to the acting head of HMRC say that the HMRC process-owner for child benefit—whom I think the Chancellor would agree is a senior official—was a copy recipient of the e-mail dated 13 March. Does he now accept that a senior official was copied into the decision-making process?
Mr. Darling: I am just coming to that, but before I leave that point, the hon. Gentleman made much of the fact—I think these were his words—that somehow it was implied that this was a one-off incident. I specifically said in my statement that there had been other data security breaches in the recent past, and I went on to say that I told the House that because of my concerns I had appointed Kieran Poynter to investigate Revenue and Customs security processes, and the procedures for data handling. As I said, I will have his interim report by 14 December, and I will report to the House thereafter before it rises for the Christmas recess.
John Hemming (Birmingham, Yardley) (LD): Will the Chancellor give way?
Mr. Darling: Let me finish this point first.
It will be an interim report and there will be a full report in the spring. I made it clear in my statement last week that we need to establish what happened and how it came about that two discs containing highly sensitive and personal information were provided to the NAO by Revenue and Customs in October. In that context, it is important to look at Kieran Poynter’s published terms of reference because they make it very clear that I want a widespread investigation.
His terms of reference are: to establish the circumstances that led to the significant loss of confidential personal data on child benefit recipients, other recent losses of confidential data and the lessons to be learned in the light of those circumstances; to examine HMRC practices and procedures in the handling and transfer of confidential data on taxpayers on benefit and credit recipients; the processes for ensuring that such procedures are communicated to staff and the safeguards in place to ensure that they are adhered to; the reasons those failed to prevent the loss of confidential data; and whether those procedures and processes are sufficient to ensure the confidentiality of personal data.
The terms of reference are deliberately widely drawn to allow every aspect of this matter to be looked at and to ensure that the lessons are learned at every level in Revenue and Customs.
Mr. Philip Dunne (Ludlow) (Con): In view of what the Chancellor said about the importance that the Government attach to the security of data transfer, will he confirm to the House that the data included on the two CDs were not encrypted, as the HMRC’s press office statement said, which was reported on Newsnight last week?
Mr. Darling: I said last week that the data were password-protected, but not encrypted. Most people agree that the data ought to have been encrypted, but they were not.
Patrick Hall (Bedford) (Lab):
Will my right hon. Friend take it from me that the shadow Chancellor has lost a golden opportunity today? Does he agree that what the country looks for, when serious matters such
as those we are debating today are considered, is a calm and measured response that addresses the issues for the long term in the interests of the country, and seeks to put them right? Instead, we got personal, cheap remarks with cruel humour and not one iota of constructive suggestion from the Opposition.
Mr. Darling: I agree with my hon. Friend that, as I said at the start, this is a serious matter, which means that we need to deal with it properly and comprehensively.
Mr. Darling: I have been promising to give way to the hon. Member for Birmingham, Yardley (John Hemming) for some time.
John Hemming: Obviously, we recognise that one of the biggest problems in the release of the data was that they were not encrypted, but merely password-protected. Why, therefore, has the Department not said that while the review continues, any data discs should be sent out in an encrypted manner? Merely having a sign-off from a senior manager would not prevent exactly what has happened from happening again.
Mr. Darling: Part of the procedures that have been put in place, and which require the sign-off of a senior manager, ensures that if a large transfer of material were being made, encryption would be looked at. It may be that other things can be done—material might be taken under suitable security and so on. All those things will be looked at.
Mr. Darling: No, I will not give way again. The hon. Gentleman has made his point. It is a perfectly reasonable one, but it is one of the things that Kieran Poynter is looking at.
Mr. Darling: I will not just give way just now.
We will have the interim report in three weeks’ time, and, as I said to the House last week, that will be alongside the police investigation, the independent police complaints investigation and the Information Commissioner’s inquiry. The NAO is also conducting its own investigation.
I want to deal with the shadow Chancellor’s allegation about whether a senior HMRC official was involved in the earlier incident in March. As I said to the House, there were two incidents—the October incident, which led to the loss of the material, and the March one, which equally should not have happened, but where the material was returned. The question was whether a senior HMRC official was involved in the decision to release information to the NAO in that earlier incident in March. The House will recall that the discs were returned safely, but when the e-mails the shadow Chancellor refers to were published, they were accompanied by a letter written by an assistant auditor-general at the
NAO, and sent, as he said, to the acting chair of Revenue and Customs, dated 22 November.
I want to read a paragraph from the letter. I think the hon. Gentleman has it, but it is rather important in relation to the allegation he made. The assistant-auditor general says in her letter:
“We met this morning and agreed that the HMRC Process Owner”—
that is, the official in question—
“for Child Benefit was a copy recipient of an e-mail dated 13 March 2007. The e-mail was sent by a junior HMRC”
“It refers to a reluctance to provide data in the filtered form the NAO had requested. We also agreed that our own NAO audit director was aware of the position, and that we have no evidence that the Process Owner for Child Benefit made the decision to release the data.”
The hon. Gentleman left that bit of the letter out.
Mr. George Osborne: Will the Chancellor give way?
“The National Audit Office is not making an issue of any of this.”
There is no inconsistency between that and what I said last week.
Mr. Osborne: Will the Chancellor give way?
There is no inconsistency between what I said in my statement last week and the information publicly available. Crucially, exactly what happened in the chain between the time that information was requested and the discs were handed over is to be investigated by Kieran Poynter and the National Audit Office, which is carrying out its own inquiry. They will examine the evidence, establish the facts and make recommendations.
Mr. Osborne: The Chancellor did not accurately read that letter. He read the sentence, “The e-mail was sent out by a junior HMRC official”, which is what he told the House of Commons. The sentence actually says:
“The e-mail was sent by a junior HMRC manager”—
that is, management in the senior levels of the department. [Hon. Members: “A junior manager”] It was indeed a junior manager, but that still makes him a senior official. He makes the point— [ Interruption. ]
Mr. Deputy Speaker (Sir Michael Lord): Order. These are extremely serious matters and all our constituents would expect us to deal with them seriously.
Mr. Osborne: Indeed, 96 per cent. of people employed in the department are more junior than the person whom we are discussing. Perhaps the Chancellor could correct the record about the letter. Will he explain why someone, who is presumably close to him, told the BBC’s political editor that
“when he spoke to the Commons the Chancellor had not seen the e-mails and had not been told of the potential involvement of a senior official”?
Mr. Darling: The letter does say “junior HMRC manager”, but I note that the hon. Gentleman did not comment on the fact that it also states:
“We have no evidence that the process owner for child benefit”—
the senior manager whom we are discussing—
“made the decision to release the data.”
In other words, that evidence is not available to us.
The key point is that I have asked Kieran Poynter to examine all the evidence to establish what happened. As I said in my statement last week, I did not have all the information; I was able to make an interim report at that time, but further information was needed. It is precisely because of the need for full and further information; that I have asked Mr. Poynter to report. When he reports by 14 December, I will return to the House and make an oral statement before the House rises for the Christmas recess.
The incident is serious. Again, I apologise unreservedly to the public. The Department has clearly failed in the high standards that the public rightly expect. That is why I asked for a thorough inquiry. The lessons need to be learned so that we make sure that it does not happen again.
2.1 pm
Dr. Vincent Cable (Twickenham) (LD): I support the Opposition motion, although it is rather narrowly couched. The hon. Member for Tatton (Mr. Osborne) broadened it a little to refer to ID cards, but there are much broader questions than those posed by the motion. None the less, I agree with it.
We all accept that the starting point is the potential through the loss of the CDs for damage which has not yet been fully realised. Among those who come to me as a local Member of Parliament to express anxiety are people who are desperately worried that information about their identity and location will be leaked to their partners or former partners from whom they have separated. In some fraught relationships, identity is crucial, and all that information could now be lost.
We sincerely hope that the discs will not fall into the hands of the criminal fraternity. However, I understand that one identity on the black market is worth approximately £60. We are therefore considering a stock of criminal value of around £1.5 billion, which makes the Brinks Mat robbery the equivalent of stealing the church collection. An enormous amount remains at stake.
I shall tackle the broader questions, but I should like first to deal with the specific, basic question that the hon. Member for Ludlow (Mr. Dunne) and my hon. Friend the Member for Birmingham, Yardley (John Hemming), who is an encryption specialist, asked about why encryption has not routinely taken place. I understand that that was not a simple oversight and that almost all the data that have been lost and all those that have been shipped around in government are not encrypted. Encryption is simply not happening. What are the reasons for that? My understanding, from talking to some of the specialists involved, is that IT specialists, mostly freelancers, are needed to encrypt data. The big IT companies are not interested in using them and the civil servants who oversee them do not understand the problem, so encryption is not happening. Can the Poynter inquiry probe that further in relation not only to the Treasury but departments in general?
A second set of questions relates to transporting the discs. We now know, as a result of the information that has been released in the past few days, that not only the Standard Life discs and the two CDs went astray. Apparently, two more CDs that contained confidential information were lost in transit from Preston to Whitehall. Yesterday, I believe that discs that contained Scottish Government confidential information went astray in Scotland. Why is transport handled in such a way? In the years I spent in the diplomatic service we had something called the diplomatic bag, which may have been overrated but existed specifically to handle confidential data. Of course, transporting data across borders involves somewhat different considerations. None the less, there was a recognition that confidential data need to be handled confidentially and carefully, and that a dedicated institution was merited. Yet that concept appears to exist nowhere in government. I wonder whether the Poynter inquiry will argue that simply contracting out less stuff to courier companies is the best way in which to handle the information.
Stewart Hosie (Dundee, East) (SNP): The hon. Gentleman has considered encryption and the procedures for transit. Is not a more fundamental point that someone in the department was able to copy the data, without a technical intervention from a senior manager?
Dr. Cable: The hon. Gentleman is right and access was my next point. I asked that question of the chairman of a leading plc, who thought that it was unbelievable that a junior employee in his company could have access to all the company’s commercial and technical secrets. He said that there would be an elaborate and difficult process to ensure that people going into the database and getting out again were properly screened. That appears to exist nowhere in government. Again, we need to establish why.
Chris Mole (Ipswich) (Lab): On what basis does the hon. Gentleman think that?
Dr. Cable: I am simply asking questions— [Interruption.]
Mr. Deputy Speaker: Order. If hon. Members want to intervene, they must do so in the normal way, not from a sedentary position.
Dr. Cable: My question on the specifics of the leakage relate to why the information was transmitted through CDs. I am not a specialist, but I understand that super-computers nowadays transmit data electronically and instantaneously and that receipt can be confirmed instantaneously. Why is a rather antiquated system, in computer terms, employed for the major transmission of data? That is a simple, factual question about which the inquiry will doubtless enlighten us.
| Next Section | Index | Home Page |