LONDON (Reuters) - Systematic failures and “woefully inadequate” processes for handling data at the country’s tax authority led to the loss of personal details of nearly half the population, two scathing reports said on Wednesday.
Institutional problems were the reason two computer discs containing the names, addresses, bank details and national insurance numbers of 25 million people, went missing last year an Independent Police Complaints Commission probe found.
No junior members of staff could be held responsible for what was Britain’s biggest data security lapse as Chancellor Alistair Darling originally suggested, the IPCC added.
The head of the tax collection office later resigned and despite a massive police hunt, the discs were not found.
“An event like this was certain to happen -- the only question being when,” said the report by IPCC Commissioner Gary Garland, adding that staff had to deal with a “muddle through” culture.
The two discs vanished after being put in the post last October by a member of staff from HM Revenue and Customs’ Child Benefit Office in Washington, near Newcastle, to the financial spending watchdog in London, the National Audit Office.
The NAO had specifically requested that it did not require individuals’ names, addresses or bank details, and had also asked that HMRC ensure the information was sent securely.
But to save money, HMRC decided to send existing data taken from a full scan of child benefit records.
The discs were then put in the post by a member of staff, referred to as employee J, but the package was neither tracked nor sent recorded delivery.
As he placed the package in the internal mail a colleague heard him remark: “That’s it -- it’s gone.”
Garland said: “I‘m absolutely satisfied that none of the blame can be attributed to any member of staff,” adding that employees had been trying to do their best without proper training amid ignorance about the importance of data handling.
”The real problem was the woefully inadequate data-handling systems and the muddle-through ethos,“ he said.”
A second report by Kieran Poynter, the chairman of PricewaterhouseCoopers, concluded that the loss was “entirely avoidable” and pointed to serious institutional deficiencies.
It said security was not a management priority, management structures were unnecessarily complex and there was a lack of clarity in communications.
As a result, security concerns of HMRC staff were not raised with senior civil service officials.
Darling told parliament he apologised “unreservedly” to those affected by the loss but said most of the failings uncovered by the Poynter review had now been addressed.
However, Conservative Shadow Chancellor George Osborne said the reports were a “truly devastating account of incompetence”.
“They are a guide in how not to govern this country,” he told MPs.
Editing by Steve Addison