Speaking in yesterday’s Opposition Day Debate on the loss of sensitive, personal data by Her Majesty’s Revenue and Customs, John Redwood highlighted the failure of Revenue and Customs to perform its basic duty of care to taxpayers, and called for a major change in the culture of responsibility and accountability in the public sector.
The full Hansard text of John’s speech is reproduced below:
<strong>Mr. John Redwood (Wokingham) (Con):</strong> I rise to support the wise words of my right hon. Friend the Member for Charnwood (Mr. Dorrell), and the words of my hon. Friend the shadow Chancellor. My right hon. Friend was right to say that, above all, we are debating a cultural issue. It is a matter of grave concern that HMRC does not regard looking after data as its fundamental duty, and that it does not consider that the customers or taxpayers whom it serves have every right to expect the highest possible standards when it comes to protecting the very important and extensive personal data that they are forced to give to the state, on pain of prison, so that taxes can be calculated and levied.
We are discussing accountability. We have held this debate because we think that the Chancellor of the Exchequer did not tell us enough when he first made a statement to the House? let alone today? and that he did not explain all the details that he knew at that time. The doctrine of ministerial accountability has moved on in recent years, and I welcome that. Twenty years ago, a Minister who had presided over such a major disaster would have offered to resign automatically. There would have been no question about that, but I do not think that it is fair or right for a Minister to resign if a junior official goes against the rules or makes an egregious error about which the Minister can know nothing and whose outcome he or she certainly does not seek. If we were looking in this debate at a single error made by a junior official about which the Chancellor knew nothing, there would be no question to answer under the new doctrine of accountability.
<strong>28 Nov 2007 : Column 330</strong>
However, the contention of my hon. Friend the shadow Chancellor is that we are looking not at one error but at a series of them. Some have said that there have been 2,000 errors of a similar kind, although not all on the scale of the most recent one, but my hon. Friend has contended that it is part of the culture, and therefore possibly a fault of the policy, that such things are happening at all.
That is why I asked the Chancellor of the Exchequer whether, in light of recent events, he had made changes to the procedure and policies that govern the handling of data. He answered that he had made one change. The hon. Member for Twickenham (Dr. Cable) and others did not think that that was sufficient, but the implication of the Chancellor’s reply is interesting, as it suggests that he felt that the existing system was not adequate and needed to be changed. In addition, the Chancellor has appointed a committee of inquiry to see whether the system as a whole needs changing and improving, which suggests that the problem did not arise through one official making a mistake but through a systemic failure inherent in the policy.
The most important error to have occurred has not received enough attention. In March, a similar volume of information was sent in a similar manner. Fortunately, the discs did not go missing, but that event should have alerted the previous Chancellor of the Exchequer to the seriousness of the possible problems that such sloppy data handling could cause. If anyone is culpable, therefore, it is the former Chancellor and his junior Minister responsible for these matters, as they did not respond when things went wrong. Could they have responded? Did they know? We now learn that a senior manager in HMRC was well aware of the error in March, and it does not speak well for the leadership provided by the then Chancellor and other Ministers that that official did not pass on the information to the Chancellor’s private office? or, if he did pass it on, that the former Chancellor and the responsible Minister did not understand its significance, and therefore did not take action.
That brings me back to the question of culture. No one on the Opposition Benches with experience of running Departments or big companies? I have had the privilege of doing both? believes that a single person can possibly know every decision, read every e-mail, or be copied into every transaction. That is why I accept that errors will occasionally be made that are not the wish of the person at the top. Since such errors are not inherent in the policy or culture laid down by that person, I believe that he or she should be forgiven. However, the culture at HMRC did come from the top and it seemed to say, We do not regard the sanctity of personal data as crucial. We do not think that should be your No. 1 duty.?
I suspect that if we could see more of the relevant e-mail traffic and memos we would discover that Ministers wanted the merger of Revenue and Customs to give rise to a more aggressive Inland Revenue that got more money out of more people, more quickly. Since the merger, I certainly have received many more complaints from constituents, very often to the effect that HMRC has extracted money on rather bogus arguments, or incorrectly. It has then had to return that money. I suspect that the cultural shift that the then Chancellor orchestrated and sent down the line was that he wanted the new merged organisation to be much better at
<strong>28 Nov 2007 : Column 331</strong>
collecting more money from people and companies. If that is the culture being promoted, it is not easily compatible with one that is customer friendly. In a customer-friendly culture, staff would be told, Your No. 1 priority should be to treat customers well, and that means that you must look after their data.?
Others have said that what has happened demonstrates that the Government cannot be trusted with the wider range of data collected for ID cards. Naturally, I agree: the public are now extremely suspicious of the Government’s ability to handle data and of their trustworthiness in dealing with that information. In the days ahead, Treasury Ministers who want to rescue their ailing position on data handling must demonstrate that they have learned the lessons and that they have put in place a system that will not allow such errors to happen again. However, the evidence from the Chancellor and other Ministers on the Treasury Bench today gives us no sign that we are about to reach that happy situation.
We have been told that one change has been made to the relevant procedure? something to do with the internal post at HMRC. We have heard nothing about encryption, or about reducing the amount of data that can be moved, either on a disc or in some other manner. We have heard nothing about introducing personal couriers to transport such sensitive data, or about reopening discussions with the NAO about how much data are needed and on what basis. My understanding of audit procedure is that it is done by sample, so why on earth were the records of 25 million people sent through the post? Could not a proper sample have been made? We have heard no explanation from Ministers as to why auditors cannot go to the data, rather than the other way around.
It is pathetic that so many days after the scandal was first reported we have not had a straightforward statement from someone on the Treasury Bench about how elementary protections and precautions for data handling and transmission have been put in place. Such defences would be expected in any medium-sized company, let alone a large one. We also need to know why the Chancellor has been so dilatory in coming to the House, and so reluctant to have information dragged out of him. It is apparently fine to share with the world, through the postal system, the unprotected records of 25 million people, but when it comes to data that this House needs? such as where the ??25 billion used for Northern Rock, and the asset protection that has been put in place? we are not allowed to have it. When it comes to information on what action the Chancellor plans to take to deal with the data-handling shambles, we are not allowed it even after a full debate and a statement.
The Chancellor’s Department at senior level knew about the problem on 8 November. We are told that it was two days before the Chancellor was told, so that shows that he had not told his staff that such things were important or mattered to him? otherwise they would have told him immediately and not taken the risk. It then took him another 10 days, until 20 November, to come to the House of Commons to tell us what had gone wrong. That does not speak well of a Government who believe in Parliament and think it central to our national life; nor does it speak well of a Government who claim to care about people’s data. If the Government knew 12 days beforehand that the data might have been
<strong>28 Nov 2007 : Column 332</strong>stolen, and had certainly gone walkabout, why were the public not told and warned then? Why were they not told and warned through the natural route? a full statement to this court of Parliament? That is what should have happened.
The Chancellor’s excuse is that he wanted time to talk to the Information Commissioner. He then tried to blame the banks, although they were told only on the Friday evening. The Chancellor now says that one or two banks wanted a bit more time, but it was hardly sporting of him to take up all the working days of the week, keeping the information to himself, telling the banks only on Friday evening when, no doubt, officials and Ministers wanted to go home and leave the banks with the problem over the weekend.
That reeks of a Government who are after our money but not out to give us service. It reeks of a Government who speak about the importance of democracy but do not treat the House of Commons seriously. It reeks of a Government who claim to value the people of this country but who cannot be bothered to tell them promptly when the Government make a mistake. It is a disgrace and it is high time that Ministers on the Treasury Bench came up with a better defence and some resolute action so that we can be reassured that in future they deserve to handle our data.