17 Dec 2007 : Column 614

Today the Chancellor has to explain HMRC’s responsibility for the most catastrophic data security breach in British history, against a backdrop of its responsibility for the loss of confiscated drugs, money, passports and perhaps weapons, not to mention £5.7 billion of overpaid tax credits. In a few minutes another Cabinet Minister will bob up to admit to yet another serious data breach of security. What we and the public want is simple—a concrete assurance that such a catastrophic failure of data security will not happen again. As with every Treasury disaster, whether it is a failed bank or a lost disc, the starting point must be to establish exactly what happened and how it was allowed to happen. That is what the Poynter review was set up to do.

The Chancellor told the House on 20 November that responsibility lay with a junior official who had broken the rules. That line started to unravel almost immediately. First, the National Audit Office produced e-mails that established the involvement of senior HMRC officials in an earlier decision not to filter data in response to NAO requests, which is confirmed at paragraph 16 of the Poynter interim report.

Then data experts confirmed that the ability to download such a large volume of sensitive data to disc without authorisation signalled the absence of the most basic protections that should be built into any data-handling system. Finally, in the face of the mounting evidence, the acting chief of HMRC admitted that a systemic failure had occurred in that vast and unwieldy department cobbled together by the Prime Minister when he was Chancellor of the Exchequer.

We will obviously study the Poynter interim report with great care and we look forward to the final report. We welcome the ban on transfers of bulk data and the disabling of computers to prevent downloading to disc, but why on earth was that simple precaution not already in place? We welcome, too, the publication of the long delayed capability review, recognising HMRC’s need to rebuild its reputation with the public.

Can the Chancellor answer the following specific questions? Can he confirm that it was the practice that passwords were included on a note enclosed with data discs, and did that happen on this occasion? Who was the most senior official to be made aware of the decision routinely to send unfiltered databases to NAO in order to save cost? At what level was the downloading of the data to disc authorised in this particular case, and if it was not authorised, how was it physically possible? Finally, now that he has had time to think about it, can the Chancellor answer the question that was put to him on 20 November: why were police not informed for four days after he personally was aware of the loss, and the banks not informed for six days?

The question is not who put the discs in an envelope and dropped them in an unregistered mailbag. In any large organisation, stupid mistakes occur. That is why well-run, functional organisations have data security systems in place—systems to ensure that sensitive data are filtered out of files, systems to ensure that large volumes of data cannot be downloaded to disc, systems to encrypt personal information, systems to track important material when it is sent off the premises, and systems to make sure of a swift and appropriate response, rather than dither and delay, when something goes wrong. We have a term for when such systems do not work: we call it systemic failure. Responsibility for systemic failure lies not with junior staff, but at the very top. Two long months ago, the Chancellor said on the BBC that what people

They do indeed, and the Government have failed them. In the face of the overwhelming evidence of the systemic failure behind this disaster, the statement today can be described only as a wholly inadequate response from a wholly inadequate Chancellor.

Mr. Darling: First, I am grateful to the shadow Chancellor for taking the trouble to write to me to explain why he could not be here this afternoon; I quite understand his reasons. However, it is clear that his deputy had nothing in particular to say.

I asked Mr. Poynter to look into the facts and circumstances surrounding the loss of the data. He started doing so three weeks ago and, as he says, it is far too early for him to draw conclusions. As I have said on a number of occasions, we need to find out what happened and why, and to learn the lessons. When we have the final report next year, we can get the conclusions and implement them.

The hon. Member for Runnymede and Weybridge (Mr. Hammond) referred to paragraph 16 of Mr. Poynter’s report, but if he was going to quote it, he might as well have quoted it all. Mr. Poynter makes the point that he has seen the e-mail in question but that it does not “on its own” prove that the official took the decision referred to. In other words, further investigations need to take place.

The hon. Gentleman asked about the capability review, which was not held up, but was completed last week; I thought it appropriate to publish it today, alongside the interim report. The hon. Gentleman also asked a number of specific questions that are precisely the ones that I have asked Mr. Poynter to address. I suggest that we should get Mr. Poynter’s report and draw our conclusions after that.

John McFall (West Dunbartonshire) (Lab/Co-op): When he appeared before the Treasury Committee, Dave Hartnett, the acting head of Revenue and Customs, left open the question whether there were systemic flaws. No doubt in the coming weeks we will question both him and the National Audit Office. The NAO is very much involved in the situation, as evidenced by its letter of 9 November to Revenue and Customs offering an apology.

As we take the issue forward, can the Chancellor give us reassurance that both on the Gershon efficiencies and on the reduction of staff numbers he will be sympathetic to Revenue and Customs, which is a young organisation that has brought two different departments with two different cultures together? Such sympathy and sensitivity from the Government is essential. Will the Chancellor give us that reassurance?

Mr. Darling: I agree with much of what my right hon. Friend has said. I certainly agree that, as I said in my statement, all of us should acknowledge the hard work and dedication of staff at Revenue and Customs. It is a major exercise to bring together two major departments. Perhaps I should remind the hon. Member for Runnymede and Weybridge (Mr. Hammond) that despite his complaint about Revenue and Customs, the Conservatives supported the bringing together of the organisations at the time, as did just about every other Member.

However, my right hon. Friend is right: in merging two organisations, issues clearly have to be tackled. We need to learn from the problems that may have arisen and put them right. Indeed, Dave Hartnett, the acting chairman, has already made announcements about changing the management system and that will provide for clearer accountabilities.

On the National Audit Office, I said in my original statement on 20 November that Sir John Bourn had rightly decided to mount his own inquiry and that there would be close co-operation between the NAO inquiry and that conducted by Kieran Poynter. It is absolutely essential that we learn all the lessons, which will include how the request for the information for audit came to be made in the first place, at what level it was made and how it was dealt with by HMRC. All those facts need to be determined by Mr. Poynter, but we do not yet have them.

Dr. Vincent Cable (Twickenham) (LD): May I thank the Chancellor for his courtesy in bringing us up to date? I hope that he appreciates the damage that has been done to public confidence by this episode, compounded by the events in Coventry and the report on the Driver and Vehicle Licensing Agency about which we shall hear shortly. If data and valuable information are consistently lost, stolen or abused, the public completely lose confidence in government in general at all levels. It is difficult to see how we can have confidence in the Government’s proceeding with much more ambitious initiatives—not only the compulsory identity card scheme, but the DNA database and the NHS spine.

The Chancellor exchanged comments with the Conservative spokesman on the specific issue of the distinction between systemic and procedural failure, with systemic failure being the responsibility of Ministers and procedural failure being that of officials. That is a subtle semantic distinction of which St. Thomas Aquinas would be proud, but surely the fundamental point is that good systems produce good procedures and bad systems produce bad procedures. In this episode, we have had bad systems and bad procedures.

I welcome what the Chancellor said about the ban on the transfer of data without encryption. That is clearly the way forward. Has he secured the full agreement of the IT companies to use outside encryption specialists to enable that work to proceed? More generally, has he now agreed that it would be completely inappropriate to try, as he has been doing, to block through the courts the publication of the gateway reviews on the way in which the IT companies manage their affairs in Government Departments?

In terms of the Chancellor’s comments about the integration of the work of the Poynter study and the wider 2006 study of Government Departments, what is the significance of the work that David Varney, the former head of the HMRC, is doing on so-called transformational government? Is not the purpose of the study to break down barriers in data transfer between Government Departments? Is there not a danger that if that proceeds without proper safeguards it will merely compound the danger of the kind of error that we have already experienced?

Finally, I want to ask two or three specific and narrow questions. The Government have been asked some parliamentary written questions, not least by my hon. Friend the Member for Falmouth and Camborne (Julia Goldsworthy), about whether there are protocols that govern data transfer within government. None of those questions has been answered, including those asked of the Chancellor’s own Department. Are we to infer from that that there are no protocols? Is that what that obfuscation is designed to achieve?

When the Government sent out their letter of apology, they sent out millions of letters containing large amounts of personal data that far exceeded what was necessary to communicate an apology to their recipients. Since, according to information from the Courts Service, it seems that 8 per cent. of all official letters go astray, have not the Government compounded the original disaster by putting out large amounts of personal data that will simply finish up in the wrong hands?

Mr. Darling: On the hon. Gentleman’s last point, I have some sympathy for what he says. I think that HMRC’s intention was to apologise to all those who receive child benefit, but I do not think that it was ever intended that that letter, too, would be accompanied by information that, as far as I can see, did not need to be sent. I agree with the wider point that the hon. Gentleman raised in that respect.

The Government, of necessity, hold a great deal of information on behalf of citizens of this country and we need to be careful to reconcile two things. First, we must maintain people’s privacy, by ensuring that we do not send out information that might fall into the hands of people who are not entitled to receive it and might cause difficulties for people’s security or general privacy. At the same time, as the hon. Gentleman rightly says, we must accept the fact that in health services, for example, there might be good reasons for different hospitals, GPs and others to be able to obtain information to provide a better service for patients. It suggests to me that in government, as well as in the private sector, we need to ensure that procedures are far tighter, that people are aware of them, and that they are properly enforced. The Poynter review, as well as other work that is being carried out, will achieve that.

Finally, if we are not answering parliamentary questions on these matters, I will look into that when I get back to the office and try to answer the hon. Gentleman as soon as I can.

Mr. Fraser Kemp (Houghton and Washington, East) (Lab): May I welcome the Poynter report, particularly when it refers to committed people with honesty and integrity? I also thank the Chancellor for his comments about the dedicated and hard-working staff. Does he agree that, given all that has gone on in recent weeks at HMRC in Washington, the staff have shown great fortitude despite inaccurate attacks on their town and attacks on their ability to deliver child benefit—which has been massively increased by this Government—to millions of families? That benefit will be particularly welcome and important in the run-up to Christmas.

Mr. Darling: I agree with my hon. Friend. As I said in my statement—and as has been acknowledged in the capability review—there are many people working for HMRC who do a first-class job and who are dedicated to what they do. Many of them have worked for the service for many years. However, we owe it to them to ensure that we have the proper procedures in place so that they can do their job properly, in addition to meeting our principal objective of providing a first-class service to the public and ensuring that, when information is provided on a confidential basis, it remains confidential.

Mr. Michael Fallon (Sevenoaks) (Con): If the Chancellor is really arguing that seven serious breaches of security in the two and a half years since HMRC was founded do not constitute a systemic failure, how many does he think that it would take before the failures could be judged as systemic? Will he also confirm that there has now been an eighth breach of security, at the HMRC store at Coventry airport?

Mr. Darling: Yes, there was a breach of security at the weekend at an HMRC store. I say to the hon. Gentleman that I would prefer to draw my conclusions when I have the benefit of the facts established by Kieran Poynter. I appreciate, having listened to many Opposition Members, that the last thing that they want is the facts.

Mr. Kevan Jones (North Durham) (Lab): May I concur with my hon. Friend the Member for Houghton and Washington, East (Mr. Kemp)? Many of my constituents also work at the child benefit centre in Washington. Does my right hon. Friend the Chancellor agree that it is all very well to have procedures, but that they are useless unless people know about them? Would he care to comment on a story in The Guardian last week that clearly stated—possibly based on rumour—that many of the staff in the child benefit centre did not even know about the procedures that were already in place?

Mr. Darling: As I have said on many occasions, it is important to proceed on the basis of the facts to be established by Kieran Poynter, and then to draw our conclusions, rather than to proceed on the basis of what may or may not be in a newspaper.

Mr. Iain Duncan Smith (Chingford and Woodford Green) (Con): Notwithstanding what Poynter may come up with, does the Chancellor recognise that, in years past, this event would have been seen as a serious problem or even a disaster? Right now, however, given the lack of public confidence in the banking system following Northern Rock and some of the huge write-downs that are likely to be announced over the next few months, does he not agree that the Government have a responsibility to make it clear to members of the public where the liability should lie, should any fraud take place? Will he tell us whether he believes that, in the case of fraud, liability should lie with the Government or with the banks?

Mr. Darling: I disagree with the right hon. Gentleman that the two issues can be conflated in the way that he suggests. The loss of data was caused primarily as a result of the two discs concerned being posted in an envelope that was not registered and that did not arrive at its destination. The present uncertainty in the financial markets arose from problems in the housing market in the United States. Yes, it has spread beyond that, but the two issues are not related.

Dr. Tony Wright (Cannock Chase) (Lab): My right hon. Friend is obviously responding correctly to a calamitous event for which he was not responsible. He is taking steps to find out exactly what happened, and to ensure that it does not happen again. May I ask him a question on a slightly wider point? The National Audit Office is concerned with matters of financial audit, but we do not have an equivalent body to deal with matters of administrative or performance audit. A proposal has been made by a former Cabinet Secretary that we need such a body. Do not recent events make the case for such a body even stronger?

Mr. Darling: I am grateful for what my hon. Friend said in the first part of his question. In relation to the second part, that is something that Kieran Poynter might suggest. I do not know; we shall have to wait for him to reach his conclusions. My hon. Friend makes the good point that if there are systems in place, we need to ensure that they work and that they are being operated on a daily basis. Ensuring that confidentiality is in with the bricks in any Government organisation—and, indeed, in any private sector organisation—is very important.

Mr. Edward Leigh (Gainsborough) (Con): But some facts have emerged in recent weeks, have they not? We know now, for instance, that on 13 March the National Audit Office asked for the personal details to be stripped from the data. We know that it was a senior executive officer in HMRC who refused that request on cost grounds because of a contract with EDS—

Mr. Darling indicated dissent.

Mr. Leigh: Well, that is what I have been informed by the Comptroller and Auditor General, and we also know from that e-mail that that was copied to the senior process owner. Although we obviously have to await the final recommendations, some things are clear, so will the Chancellor now accept that there needs to be change at the very heart of HMRC, and that the privacy of taxpayers must be sacrosanct and cannot be compromised in any way because of a contract with EDS or cost-saving measures?

Mr. Darling: We do not know all those things, as I believe the hon. Gentleman well knows. The Poynter inquiry, and, indeed, the parallel inquiry of Sir John Bourn on behalf of the National Audit Office, were set up precisely because we need to find the facts before drawing our conclusions. I am not sure whether the hon. Gentleman has had an opportunity to view Mr. Poynter’s interim report, but it says that although the e-mail in respect of the first request in March was copied to the person responsible for the data:
