Like many other hon. Members, I have spent 25 days with the police on a parliamentary police liaison scheme.
28 Nov 2007 : Column 338
One of the things that I heard from the police time and again was that ID cards would be a huge boon in helping them to deliver the service that we want. From the response to a question that I asked the Home Secretary earlier this week, it is already evident that biometric identification in passports for foreign nationals living in this country has contributed significantly to reducing the scale of illegal immigration. I ask Ministers not to resile from their position, but to recognise that there are huge data protection issues that need to be addressed before ID cards are introduced.

3.46 pm

Angela Watkinson (Upminster) (Con): I shall allow my hon. Friend the Member for South-West Hertfordshire (Mr. Gauke) time to speak, but in the few minutes remaining I want to introduce into the debate a facet that has not yet been mentioned—systemic failure in another department of HMRC: the one that issues VAT registration numbers.

The department has a target of issuing numbers in eight weeks. I shall use as an illustration a constituency case because I believe it to be typical. My constituent, Mr. Prutton, first applied for a VAT registration number eight months ago—I repeat, eight months. Persistent correspondence and telephone calls to the Newcastle office and the complaints department in Newry have got him nowhere. He submitted to HMRC a range of personal data—the application form, a questionnaire, invoices relating to his new business and, most importantly, bank statements. Those are not bank details such as the sort code and the name and number of his account, but bank statements showing movements and balances on his account. He has had no indication from HMRC’s VAT department whether those documents arrived safely, whether his case is being considered or where it has got to.

Clearly, the department is a long, long way off its eight-week target. My office has been pursuing the matter for Mr. Prutton and there have been numerous phone calls to the office of the chief executive of the VAT department. I, too, have got nowhere, apart from promises. This morning, belatedly—

Mr. Deputy Speaker: Order. I am sorry to interrupt the hon. Lady, but I think that she is moving beyond the terms of both the motion and the Government amendment. There is a separate issue, I know, about VAT registration delays, but I do not think the case she is making fits in good order with the terms of the motion.

Angela Watkinson: I read the motion quite carefully and thought that I was making an argument for systemic failure in HMRC—I accept the Chair’s advice, of course—and the security of individuals’ data, which is another element of the motion. If you will allow me to continue, Mr. Deputy Speaker, I shall.

Mr. Deputy Speaker: If the hon. Lady can steer more in that direction, she may continue. The point about security is the main theme of the debate this afternoon.

Angela Watkinson: I shall curtail my comments even further than I had intended.

May I ask the Minister to do whatever she can to find out where Mr. Prutton’s documents are, whether his case is being dealt with, and whether that is an indication of systemic failure within the VAT department? I received a letter this week from the Federation of Small Businesses suggesting that the problem is widespread and asking for something to be done about it.

3.49 pm

Mr. Philip Dunne (Ludlow) (Con): In the short time available to me before the wind-ups, I should like to focus on three specific aspects of this shoddy state of affairs. First, I want to speak up for the chairman of HMRC, Mr. Paul Gray, who has been a regular witness before the Public Accounts Committee and one of the few senior civil servants who has been prepared to acknowledge error where it has occurred within his department. He has had to deal with many difficulties arising out of the merger of the Inland Revenue and Customs, to which other hon. Members have referred. In this case, he saw the seriousness of the failure and was accountable in a manner that must be applauded across government and is in stark contrast to the approach taken by some of the other heads of department, on whose watches similar disasters have occurred. In such cases, they have not taken responsibility. Ministers must carefully examine how Mr. Gray has conducted himself and how they are conducting themselves. I applaud him for that.

My second point deals with the sequence of events and responsibility. As my hon. Friend the Member for Tatton (Mr. Osborne) pointed out in his opening remarks, the Government have been quick to blame junior officials. The National Audit Office e-mail exchanges with HMRC, which came out two days after the Chancellor’s statement, are extremely revealing. In contrast to what the Chancellor said earlier, it is clear that there are two aspects to this calamity. The first aspect is that the CDs were put in the post and transmitted contrary to procedure—that clearly should not have happened. The second aspect is the decision to provide sensitive data, which is more fundamental and lies at the heart of this problem.

I understand that the NAO requested a set of data in order to verify its sampling methodology when it came to do the audit of child benefit, because that area of work had been taken within HMRC having previously been done by the Department for Work and Pensions. The NAO sought certain data, but those did not include sensitive data such as bank account details and addresses that would identify individuals. Several people in the department—not just a junior official—were involved in deciding to provide the full set of data.

That is made crystal clear in an e-mail of 13 March 2007 timed at “15:23”. Because of the measures taken to protect the identity of the individuals concerned, we do not know exactly who in HMRC sent it, but we can see that it was copied to one person at the NAO—we presume it was sent to the NAO—and to three people in HMRC, one of whom, we are led to believe, is the process owner for child benefit.

The first sentence of the e-mail states that somebody had

It is thus evident that consultation was taking place at different seniority levels in HMRC on the issue of how much data should be provided. It continues:

The important bit is the fact that the e-mail goes on to state:

Two other departments in HMRC are involved—quite apart from there being a direct interface with HMRC—in making this decision. The e-mail goes on to say:

That exposes the fact that this was all about saving money within HMRC and not about protecting data. That is where the Government have not come clean in their explanation of why we got into this sorry state of affairs.

In an intervention on the Chancellor, I referred to encryption and data protocols. It is lamentable that Treasury Ministers have not been prepared to tell us that they have undertaken a complete overhaul of data protection procedures in their Department. It would be refreshing if the Minister were prepared to be a bit more forthcoming about exactly what Ministers have asked to be undertaken in their Department. Perhaps she could also explain what distinguishes those procedures from those that were in place before this terrible state of affairs arose.

The Government do not seem to realise the impact of this data loss on our population. There is fury out there that such sensitive data could have been lost. People can no longer trust the Government with their bank details, so how can the Government possibly expect people to trust them with even more sensitive data such as those that will be needed for an ID card? I take no pleasure in saying this, but this Government have lost the trust of the people.

3.55 pm

Mr. David Gauke (South-West Hertfordshire) (Con): When the House was informed last Tuesday that the entire database of families receiving child benefit had been lost, there was a sense of shock on all sides. Details of every child in the country, details of the bank accounts of 7.5 million families, and details of 25 million people were downloaded on to two discs by a Government official, put in the post and lost. What has become clear in the past few days is the utter inadequacy of the Government’s performance before and after this appalling breach of security.

As we have heard from my right hon. Friends the Members for Charnwood (Mr. Dorrell) and for Wokingham (Mr. Redwood), there is a failure of culture within HMRC in terms of respecting the sanctity of personal data. As my right hon. Friend the Member for North-West Hampshire (Sir George Young) said, Government policies have contributed to the strains put on HMRC. One of those strains, as my hon. Friend the Member for Upminster (Angela Watkinson) pointed out, has been caused by failures in VAT registration applications. My hon. Friend the Member for Ludlow (Mr. Dunne) showed how the information provided by the National Audit Office and the e-mails there put the Government’s position in a very poor light.

There are three elements to the Government’s performance in this matter: incompetence, complacency and evasiveness. First, on incompetence, last week the Government portrayed this security breach as the consequence of the actions of one individual. Before turning to the detail of that claim, let me make it clear that this was no isolated incident of failure. There is a long list of data security failures by HMRC, but its failures are broader than that. Business and professional organisations are damning of its performance, whether it be delays in VAT registrations, problems in filing online returns or inaccurate collection of income tax through pay-as-you-earn—not to mention the disastrous administration of the tax credits system, with billions of pounds being overpaid, billions underpaid and billions lost through fraud and error.

Let me run through some of the examples of data protection failures. In September 2005, the names and addresses of UBS customers were lost. In May 2007, 42,000 families’ tax credits and bank details were lost. In August 2007, the details of 400 people were left on a laptop in a stolen car and lost. In October 2007, HMRC lost a package containing six discs that went missing in the post. In November 2007, it emerged that HMRC had lost a CD-ROM containing confidential data on 15,000 Standard Life customers. The loss of child benefit data is clearly not a one-off. Losing data appears to be part of the culture of HMRC. It does not mean to, but it is like the England football team adopting route one tactics or the Labour party getting embroiled in funding scandals. HMRC appears to be unable to stop losing data on a regular basis; it has form.

That brings me to complacency. On every occasion that data are lost, up pops a Minister to declare that it will not happen again—that it is a one-off. To be fair to the Chancellor, this time he did not say that, but that is what usually happens. Then they say that procedures are being reviewed urgently. We are always told that HMRC takes confidentiality very seriously and that it has robust procedures to protect information, yet still, within weeks or months, another breach occurs. Can Ministers honestly say that they are confident that another security breach is not on the cards? Are they confident, for example, that the tax credits database is secure?

Let us return to this particular security breach. What was the Chancellor’s first response? Reasonably, he immediately instructed that comprehensive searches be carried out of all premises where the missing data might be found—fair enough. One might have thought that HMRC would have thought of that, but it is a reasonable first response. Given the seriousness of the breach, and the urgent need to recover the discs, one might have assumed that the instruction would not just have been issued immediately, but implemented immediately. Indeed, the Chancellor told the Commons that he asked for an immediate investigation to be initiated that weekend. But what the Chancellor did not tell us—we learned this only with the release of the NAO briefing paper last Thursday—was that it appears that NAO searched its offices for the first time seven days later, on Saturday 17 November. If I am wrong, I am happy to be corrected. If that constitutes an immediate investigation, no wonder satisfaction with HMRC is so low.

While HMRC delayed the undertaking of a proper search, what did the Chancellor do? The Government have consistently emphasised that there was no evidence of fraud as a consequence of the missing discs, as far as we know, but remember that at that time they did not know that because they had not spoken to the banks. There was a distinct possibility at that time that the discs were in the hands of fraudsters, and for all the Government knew, millions of pounds could have been being stolen from 7.5 million bank accounts. The Chancellor failed to tell the institutions that could do something about it—the banks—to prevent that from happening on the Monday, Tuesday, Wednesday, Thursday or for most of the Friday.

For four days, the Chancellor left our bank accounts vulnerable simply because he hoped that our discs would turn up, and only told the banks late on the Friday. The Chancellor would not, or could not, recognise the seriousness of the situation and take immediate and necessary steps to protect our security by letting the banks know. What is the Chancellor’s response today? Sensitive data will be sent to third parties only with the consent of senior officials. But we know from the NAO e-mails that senior officials consented to the transfer to third parties when such a breach happened in March 2007, so today’s announcement takes us no further on at all.

Let us look at evasiveness. Despite the Chancellor’s protestations today, it was clear last week that the Government’s case was that one junior official was to blame. The procedures were clear, but they were breached by a 23-year-old junior clerk, acting on his own. That was the impression given. He was left hung out to dry, treated no better than the deputy leader of the Labour party. But we now know that HMRC officials were involved in an e-mail exchange about sending the full child benefit data to the NAO, including the

a senior manager. It is clear from that e-mail exchange, as my hon. Friend the Member for Ludlow pointed out, that despite the requests of the NAO to strip out details relating to bank accounts, HMRC did not do so because of cost, and a number of HMRC officials, some of them quite senior, knew that to be the case. A HMRC manager—not an official, as the Chancellor said—made the decision to provide the full data.

At no point in the Chancellor’s statement last week was that made clear. The Prime Minister said it was a matter of procedures being in place, but not followed. He said that the manual of protective security stipulated that any data sent out should have been encrypted. However, as The Sunday Times pointed out in its investigation, officials in the child benefit office

An IT expert, Andrew Beckett, pointed out:

What happens in practice? We learn that private financial firms and advisers regularly receive CDs containing unencrypted sensitive personal data. Legal & General, Norwich Union and Prudential all said that that happened last week. Let us get some straight answers. How many officials had access to the child benefit database? How many officials had authority to download it? How often were data sent out from Washington encrypted and unencrypted? Are other databases, which the NAO examines, such as the income tax pay-as-you-earn database, provided in the same way? How many officials knew that the full database was being sent to the NAO? How senior were the officials? Why did the Chancellor inform the banks six days after finding out about the breach?

The Government’s explanations have unravelled. When the public have demanded openness and honesty, the Government have been evasive. When the crisis demanded decisiveness, the Chancellor dithered. When the country needed competence, the Government and HMRC were a shambles. Not only two computer discs, but the Government’s credibility has been lost. For all the attempts to blame one young clerical assistant, the British public know where the blame lies—with the Government. I urge the House to support the motion.

4.5 pm

The Financial Secretary to the Treasury (Jane Kennedy): I appreciate that the subject of this debate concerns the House, and I thank all those who have contributed. Before I consider the detail of the discussion, let me say to the hon. Member for Upminster (Angela Watkinson) that I will look into the constituency case that she raised and deal with it outside the debate. That is probably the appropriate response.

Let me quickly thank my hon. Friends the Members for Colne Valley (Kali Mountford), for Wolverhampton, South-West (Rob Marris), for Broxtowe (Dr. Palmer) and for West Bromwich, West (Mr. Bailey) for participating in the debate, bringing to it great knowledge and dealing with it in a much more measured manner than some Opposition Members. The subject should be approached with the utmost seriousness.

The motion asks for an explanation of how the security breach occurred. My right hon. Friend the Chancellor set that out in his statement to the House on 20 November. He has been absolutely consistent and accurate in his comments in the House last week and today. The hon. Member for Tatton (Mr. Osborne), the right hon. Member for Wokingham (Mr. Redwood) and the hon. Member for South-West Hertfordshire (Mr. Gauke) are entitled to be indignant, but they should recognise what I believe all fair-minded Members would acknowledge: my right hon. Friend the Chancellor has the deepest respect for the traditions of the House, especially in how he deals with it as a Minister. My hon. Friend the Member for West Bromwich, West acknowledged that, for which I thank him.

As my right hon. Friend the Chancellor said, we do not have all the information that we need to establish what went wrong and how two discs containing highly sensitive and personal information came to be missing. That is why Kieran Poynter’s report is so necessary.
