Today we held a debate in Opposition time on the missing data of 25 million people and their Child Benefit records.
Mr Darling told us little extra, repeating his original Statement of 20 November and claiming that he had been right to say the banks needed extra time before he went public with the news. He failed to tell the banks between the department first knowing on November 8th and contacting the banks on November 16th, implying his cocnern about leaving the banks enough time came to him late in day. He conceded that the "junior official" involved in the loss was in fact a junior "manager", and confirmed that in March when data had been sent in a similar way without mishap a senior manager was involved.
His junior Minister, Jane Kennedy, winding up the debate told us a bit more. Apparently the Treasury and HMRC are changing their arrangements for data transfer, limting the volume and frequency of transfer, encrypting more and improving the authorisation and postal arrangements. It was difficult to understand why Mr Darling did not tell us all this at the beginning of the debate. Maybe he did not because this implies it was a systems failure, and not an occasional mistake by juniors.
Will this make our data secure? It is difficult to be sure it will, given the lack of information coming from the top, and the apparent lack of purpose in putting these matters right at the top.
Stephen Dorrell and I pointed out that there is a cultural porblem in the department. If the senior Ministers stressed repeatedly that offering a good service to taxpayers was fundamental, and holding data securely was an important part of that, things might be better. As it was a senior manager in the Treasury, told on November 8th of the problem did not tell the Chancellor until November 10th, suggesting the Chancellor had not made his overriding interest in the quality of service clear. He in turn did not tell Parliament until November 20th, meaning 12 days elapsed before proper Parliamentary and public disclosure, leaving more people at risk of data abuse for longer.
We will need a further statement when the government receives an interim report from the reviewers looking at the whole problem of data security in HMRC. As so often this governemnt fails to take command, watches as things go wrong, and then brings in consultants to tell them what to do next. Why isn’t the Treasury and HMRC capable of sorting its own problems out, with all the staff they have? And why can’t this Chancellor offer some strong leadership, stressing the importance of better client relations and ensuring by chairing the relevant meetings that this wish will be reflected in practise.