Previous Section Index Home Page

What the hon. Gentleman said about that was quite wrong. In addition, I was not going to labour the point, but I should draw the House’s attention to the letter written by the second director at the National Audit Office to the same senior official in HMRC on 9 November, in which it is recognised that the way in which the request was communicated—let me put it this way—could have been better. An apology was
17 Dec 2007 : Column 620
given for what happened, but let us wait and establish the facts rather than rush to judgment, which the hon. Gentleman has been rather quick to do of late.

Rob Marris (Wolverhampton, South-West) (Lab): May I thank my right hon. Friend for keeping the House informed? Our constituents get sick and tired of being asked for the same information repeatedly by organisations—whether they be in the private or the public sector—particularly when they generally regard the Government as one undivided body, so will my right hon. Friend assure me that his Department will continue with the policy of “ask once, use many times”, while at the same time maintaining the highest standards of security and privacy for data?

Mr. Darling: I agree with my hon. Friend that people get fed up with being asked for the same information by what they perceive to be the same organisation. Perhaps that illustrates the point raised by the hon. Member for Twickenham (Dr. Cable)—that if information is to be transferred between Departments, we need to ensure that there are sufficient safeguards so that only the person who is supposed to get the information actually receives it. That is why the review set up by the Cabinet Secretary, Sir Gus O’Donnell, is important to ensure not so much that individual Departments have the right safeguards, but that if information is transferred, it is done in an appropriate way. We need to marry up the two requirements of ensuring confidentiality while also ensuring that when it is in the public interest and the interest of individuals for information to be shared between different organisations, that can happen on a proper footing.

Julia Goldsworthy (Falmouth and Camborne) (LD): After the data loss, the Government set up a helpline so that those affected could discuss their concerns. Will Mr. Poynter’s review be looking into the operation of that helpline to determine how many calls were made and also why the decision was made to use an 0845 number, particularly when it costs some mobile phone users 40p a minute to access it? Should those affected be paying through the nose to sort out the Government’s problem?

Mr. Darling: No, Mr. Poynter will not be looking into that. If the hon. Lady would care to table a parliamentary question on the number of people who contacted the hotline, I will certainly answer it. We were anxious to make sure that a helpline was available fairly quickly, which meant that all those things had to be organised in a matter of days and we did the best we could. It was quite heavily used on the first day or so, but I understand that usage tapered off after that. We tried to do our best to ensure that help was available, which meant that arrangements had to be made fairly quickly.

David Taylor (North-West Leicestershire) (Lab/Co-op): My 30 years’ experience in public sector IT suggests that a prerequisite for secure, stable and successful systems is close end-user involvement at the specification, design, development, testing and implementation stages. In the light of two decades of substantial contracting out of those processes to the private sector, does the Chancellor of the Exchequer expect that Kieran Poynter’s
17 Dec 2007 : Column 621
final report might question the logic of that continuing process, and urge that the Government try to restore the knowledge and ability within their own ranks so that they can once again be an intelligent client and not be allowed to be sold some duff systems that are utterly insecure in operational practice?

Mr. Darling: That is another case in which it would be best to get Mr. Poynter’s conclusions and findings and then decide how we are to proceed.

Anne Main (St. Albans) (Con): When we had the dreadful news about the mess-up over the loss of information, we were reassured that any financial losses, if they happened at all, would be monitored, and people were urged to be vigilant. May I ask what measures have been put in place to prevent inappropriate access to children whose data were included on the lost discs, in case people use that data to make contact inappropriately?

Mr. Darling: As I said in my statement, the banks are constantly monitoring the accounts, and the vast majority of child benefit payments are made through a fairly small number of banks. The banks have been able to check their records back to 18 October, when it is believed that the discs were posted, and have not found any evidence of irregular or unauthorised dealings. They will continue to do that, just as members of the public will be vigilant when they look at their bank statements. We have also been in touch with organisations representing children’s interests, and I have spoken to my right hon. Friend the Secretary of State for Children, Schools and Families to see what steps are appropriate. The hon. Lady raises an important point. We must put in place the right procedures and decide in due course whether, and to what extent, it is right to give any publicity to what we are doing in that regard.

Sammy Wilson (East Antrim) (DUP): I welcome the statement but I am not sure that the public will be reassured that their personal details are safe in Government hands, especially as there seems to be a new revelation of inept handling of data by Government Departments every week. Only last week, the Northern Ireland Assembly was informed that 7,000 vehicle owners in Northern Ireland had their details lost when data were sent unsecured through the post. Will the Chancellor assure me that the spot-checks to which he referred in his statement will extend to Government Departments under the control of devolved Administrations across the United Kingdom? In light of the weekly revelations, does he understand why people are increasingly concerned about the introduction of ID cards in the future?

Mr. Darling: I agree that it is important to put in place safeguards, not just for the United Kingdom Government but for the devolved Administrations, and Sir Gus O’Donnell’s report makes specific mention of that. I do not agree with the hon. Gentleman, however, about ID cards. As I said to the acting leader of the Liberal Democrats, the hon. Member for Twickenham, an increasing amount of information is held by Government Departments. In addition to that, those in the private sector, whether banks, supermarkets or organisations such as Google, have a remarkable amount of information
17 Dec 2007 : Column 622
and can build quite a detailed picture of what each and every one of us does. The point of ID cards is to ensure that that information is linked to the person who is supposed to get it. I see such a mechanism as a safeguard for me as an individual, because I can be far more confident that any information held about me, whether by the Government or the supermarket that I use, will only be released if I am happy for that to happen.

Adam Afriyie (Windsor) (Con): Many of us in the House who have experience of information technology will know that removing a column from a spreadsheet, or removing some data from even a large dataset, can take just a few seconds. Will the Chancellor tell us how much it would have cost to remove the sensitive data from the discs before they were sent?

Mr. Darling: As I said, the whole point of Kieran Poynter’s inquiry is to find out all this information, and that is what he is doing.

Mr. Richard Bacon (South Norfolk) (Con): How long can it take Kieran Poynter to establish the answer to that simple question? Dave Hartnett, the HMRC’s acting chairman, said two weeks ago that that was one of the items that Kieran Poynter would consider. It would be a very simple matter to find out how much it would have cost to desensitise the data, which would have been easy to do and would have de-risked the whole operation.

Mr. Darling: I asked Kieran Poynter—with, I think, general support—to take a thorough look at what had happened, at the previous incidents, and at anything else that he considered relevant. Inevitably, coming to the House with an interim report that is only three weeks old leaves a number of entirely legitimate questions to be answered, and they will be answered in the final report. I told the House that I would come back when the interim report was ready, and that is why I have made my statement today, but, as Members well know, many of the questions that they are asking will be answered only when we have Kieran Poynter’s final report.

Mr. Mike Weir (Angus) (SNP): The Chancellor says that there is no evidence of attempts to commit fraud by means of the data. That may not be altogether surprising, given the immense publicity and increased awareness over the last couple of months, but do the data not give rise to the possibility of fraud for many years to come?

Has the Chancellor had any discussions with the banks about how long they will continue to monitor the affected accounts? Will he also tell us whether the data were sent out with a password or whether the password was sent separately?

Mr. Darling: I think that I said on 20 November, when I made my earlier statement, that the data were password-protected, but I also said that they needed to be encrypted in order to be protected more adequately. Monitoring will continue for the foreseeable future, but one of the things on which I want Kieran Poynter to advise us is what further steps we might take.

17 Dec 2007 : Column 623

Mr. Charles Walker (Broxbourne) (Con): Since this problem occurred two months ago, millions of letters have been sent to families apologising for the fact that their details were given out, and thousands of hours of officials’ and police time have been spent on trying to resolve the problem. What, to date, is the total cost to the taxpayer of the clear-up operation?

Mr. Darling: It is not possible to answer that question at the moment. What I will say is that I think it entirely right that the police were called in, entirely right that HMRC has devoted considerable resources to trying recover the data, and entirely right that we should spend the appropriate amount of money in order to find out what happened and then put it right.

Greg Clark (Tunbridge Wells) (Con): The whole House will be relieved to see that the Minister for the Cabinet Office is present, as he is responsible for information security. What discussions has the Chancellor had with the Minister? In particular, when did he brief him on the report that he received in February from Sir Edmund Burton, which said that there was a systemic problem affecting all Departments in relation to information security?

Mr. Darling: I have many discussions with my colleagues about a range of matters, almost continuously.

Mr. Brian Binley (Northampton, South) (Con): The Chancellor has confirmed that a theft took place from a secure HMRC store in Coventry. Will he now tell us exactly what went missing? Did it involve drugs, or guns? What action has been taken to recover the property? Is all this the result of a systems breakdown across the whole service, or of continued procedural lapses that are independent of one another?

Mr. Darling: As I said a few moments ago, I can confirm that various materials have gone missing from a warehouse. [Hon. Members: “What are they?”] The matter is being investigated by the police, and in view of that I do not think I should say anything further.

Several hon. Members rose

Madam Deputy Speaker (Sylvia Heal): Order. It is time for the next statement.

17 Dec 2007 : Column 624

Department for Transport Data Storage and Use

5.3 pm

The Secretary of State for Transport (Ruth Kelly): With permission, I shall make a statement about measures that I am taking to improve the security of personal data in the context of the Cabinet Secretary's review of data across Government. I also wish to update the House on a particular security breach earlier this year relating to the loss of personal—but not financial—data by a private contractor for the Driving Standards Agency. I shall give the details of that incident later in my statement, but first let me explain some of the background.

My Department and its agencies handle hundreds of millions of transactions with road users every year, ranging from the payment of vehicle excise duty to the licensing of new bus or road haulage operators. So that a good service can be provided for customers, personal information needs to be shared between systems. For example, motorists can only renew their car tax online, because the Driver and Vehicle Licensing Agency can check information with the Vehicle and Operator Services Agency and with insurers.

As the Cabinet Secretary has made clear in his interim report on data security, the public have a right to expect that the information they provide to Government will be held securely and used appropriately. Let me therefore set out five key actions that I am taking to apply that principle and improve security of information in my Department and its agencies.

First, recent events have highlighted the risks associated with the physical transfer of data by disc, tape or hard disc drive. Much data transmission by my Department and its agencies is already, or soon will be, by electronic transfer. For example, driving test results are sent electronically from the Driving Standards Agency to the DVLA and MOT results are recorded on computer by garages and then sent, in bulk, to the Vehicle and Operator Services Agency by secure electronic transfer.

I can announce today that the DVLA has created a new link to provide regular information to the police by electronic transmission. After a short period of testing, the present arrangements, which involve the transfer of tapes by secure courier, will cease. I have asked my permanent secretary to work with agency chief executives to accelerate other plans for further transfer of data electronically, wherever that is reasonable and cost-effective.

Secondly, I can tell the House that I intend to move forward with plans to merge two separate databases of registered vehicles that are currently held by the DVLA in Swansea and the Driver and Vehicle Agency in Northern Ireland. The vulnerability that that creates was illustrated by the recent loss of two discs in transit from Northern Ireland to Swansea containing the details of 7,500 vehicles and the names and addresses of their owners. We will remove that risk by merging the databases. That will also enable Northern Ireland agencies to offer a better service, including features such as online car tax, to their customers.

Thirdly, my Department will participate fully in the next stage of the Cabinet Secretary's review—in particular, the arrangements in place in private sector contractors,
17 Dec 2007 : Column 625
the transfer of data on removable media and procedures for any data stored outside the United Kingdom. My permanent secretary has also agreed with each agency chief executive that any bulk transfer of data not by electronic transmission will take place only by point-to-point transfer by a secure courier.

Fourthly, to ensure greater clarity of responsibility, my permanent secretary has today written to senior officials in my Department, including agency chief executives, drawing their attention to current guidance on the application of the Data Protection Act 1998. That includes the main principles of the Act, information on handling personal data appropriately, and the role of the Information Commissioner.

Fifthly, in order to increase transparency and in line with the interim findings of the Cabinet Secretary's review, I have decided that my Department and its agencies should cover information assurance issues in their annual reports. That will include a summary of any notifications about data security made to the Information Commissioner.

These measures are particularly important in the light of auditing data security in my Department and its agencies in the context of the Cabinet Secretary's review. In the interests of greater transparency, I should like to draw the House's attention to one such breach that affects a significant number of people. In May this year, Pearson Driving Assessments Ltd, a private contractor to the Driving Standards Agency, informed the agency that a hard disc drive had gone missing from its secure facility in Iowa City, Iowa. The hard disc drive contained the records of just over 3 million candidates for the driving theory test.

The records contained on the hard disc drive were: the name of the test applicant; their postal address; their telephone number; the test fee paid; their theory test centre; a code indicating how the test was paid for; and, where provided, an e-mail address. The hard disc drive did not contain details of any individual's bank account or credit card. It did not contain their driving licence number, nor their national insurance number. It did mot contain their date of birth, nor a copy of their signature. It did not contain the result of their test. The hard disc drive was also formatted specifically to fit Pearson’s configuration and as such is not readily usable or accessible by third parties. Pearson has confirmed that there is no external indication of the drive's contents.

In the context of the Cabinet Secretary's review of data, I asked the Information Commissioner for his views on this case and, on Friday afternoon, I received advice on his view of the risks to the public. The Information Commissioner has made it clear that he is concerned about any security breach—especially where large numbers of individuals are concerned. However, he recognises that the risks are lower where the personal data do not include banking or credit card details and where security safeguards are in place to protect the data from third-party access. As a result, on the basis of the information received so far, he has indicated that this case does not appear to present a substantial risk to individuals. He has not therefore advised that notification of each individual is needed.

17 Dec 2007 : Column 626

Nevertheless, I apologise for any uncertainty or concern that those individuals might experience. The DSA has provided advice on the website and has set up a dedicated advice line for candidates who took their driving theory test between September 2004 and April this year. I can also inform the House that Pearson has already removed the specific risk which led to the loss by using electronic transfer in place of hard disc drives.

I assure the House that I take the security of personal data in my Department and its agencies extremely seriously. The measures that I am taking, and the actions already under way, aim to ensure that transactions of this nature are conducted more effectively and efficiently in future, and to provide greater assurance to the public. I will, of course, keep the House fully informed of progress. I commend the statement to the House.

Mrs. Theresa Villiers (Chipping Barnet) (Con): Following the catastrophic breach of confidentiality at HMRC, we have another serious failure of data security, leaving more than 3 million people at risk of identity fraud. The importance of confidentiality to the Department for Transport’s agencies and contractors is particularly acute given the value of information on vehicles and drivers to car criminals and rogue drivers, so it is with great concern that we have listened to today’s statement from the Secretary of State. I am grateful to her for giving advance notice of her statement.

Turning to some of the measures that the Secretary of State is taking to improve data security in the future—merging the DVLA and the Northern Ireland Driver and Vehicle Agency database, moving to a secure courier method of transferring data, and circulating guidance on the Data Protection Act to agency chief executives and senior officials—the question we have to ask is: why are these things being done only now, after the disaster at HMRC? Surely they are basic common sense and basic good practice in line with the legislation that the Government themselves voted for? The Secretary of State has referred to the Department’s circulating information to agency chief executives, but she has not referred to the contractors working for the agencies, which are the cause of the problem that she has identified today.

Will the Secretary of State confirm that no vehicle details have been lost in this latest data failure? Will she confirm exactly how many people have been affected by the failure? What reassurance can she give to the 3 million young people whose personal data have been compromised? What steps should they be taking to safeguard their interests and minimise the damage caused by the incident? Will she admit that the hard disc was not encrypted, and that it was not even password-protected? Is there any indication of criminal involvement—was there any evidence of a break-in? When were Ministers first informed about the problem?

Next Section Index Home Page