An accident waiting to happen

Her Majesty’s Revenue & Customs, the giant government department responsible for tax, benefits and customs, have lost 25 million records relating to child benefit. In my mind and the minds of many ORG and FIPR people this was an accident waiting to happen.

The Government has consistently shown very basic misunderstandings of what IT can and can’t do as well as how smart folk can abuse simple failings. As a result aggregating lots of sensitive personal data should be avoided at all costs. In this case however it didn’t take a smart hacker to potentially leave bank and personal information to identity thiefs. A ‘low level’ worker burnt to CDs the database of 25 million records which was then lost by a courier somewhere between HMRC and the National Audit Office.

Any system which allowed a so-called ‘low level’ member of staff to burn any records let alone millions to CDs has fundamental security failings. Getting bulk data (i.e. more than one at a time) out of the system should be highly restricted. While I welcome the Audit Offce’s commitment to carefully checking HMRC’s work, the requirement to analyse such quantities of live data has to be re-examined. I also sense that Data Protection and the Information Commissioner have been given insufficient regard.

Green policies see the management of a complexity of tax benefits, credits and grants as a burden on society. Takeup of many of these is low and the cost of administration is enormous. The Green Party wants to see a radically simplified tax and benefit system based on a livable citizens’ income and local income taxes which mean you pay on the basis of what you earn, not what someone reckons your house is worth.