Confidentiality and HMRC

Ouch. Someone loses a couple of CDs and HMRC – and the Government – have to admit that two twenty five million [edited] sets of details have gone missing. Very …

21st November 2007 at 1:04 pm

Ouch. Someone loses a couple of CDs and HMRC – and the Government – have to admit that two twenty five million [edited] sets of details have gone missing. Very much an ouch, although there appears to be no need to panic as there’s no evidence to suggest anyone is misusing the data. My best guess is that the CDs went missing in the internal post.

The problem arose, you’ll remember (oh come on, you’ve read the story as avidly as the rest of us) when someone sent a couople of CDs in the internal post at HMRC and they didn’t get to their destination. So they re-sent them, and it was only when it emerged that the original CDs had gone missing that there was any outcry.

OK, let’s re-cap. Someone sent two CDs in the ordinary internal post which had 2,000,000 25 million address details on them, and plenty of bank account information. They didn’t record or register the delivery, send by courier or a security firm, it went in the internal post.

I don’t suggest there’s any deliberate wrongdoing in here. But funnily enough, my records are held by HMRC as well. And I can’t help but feel really quite strongly about it when I hear that if someone in another office needs them they’re likely to be whacked onto a disk and stuck in an envelope, then trusted to an ordinary postal system.

I’d guess we’ll be getting an announcement about a significant upgrade to the process any time now.

Guy Clapperton

Guy Clapperton is a freelance journalist who specialises in small business issues and has written for the likes of The Guardian, the FT and the Daily Mirror. Guy has written about finance and franchising for SmallBizPod.

Commenting Is Easy

Do you agree with this blog post? Disagree? Have something to add that others might find helpful? Then please leave a comment in the box below.

If you'd like to have your image included next to your comments here, then you can set yourself up with an avatar in just a couple of clicks.

  1. It is not “two million” it is

    “The missing information contains details of all child benefit recipients: records for 25 million individuals and 7.25 million families. Those records include the recipient and their children’s names, addresses and dates of birth, child benefit numbers, national insurance numbers and, where relevant, bank or building society account details”

  2. Guy Clapperton Guy Clapperton says:

    Thanks for that. On last night’s news they were citing 2 million – I’m happy to have that updated/amended.

  3. I’ve corrected. 25 million really is quite disturbing. Every family with children claiming child benefit – which certainly includes me and I’m pretty sure Guy too.
    What do people need to do to protect themselves from possible identity fraud in this case?
    HMRC is continuously encouraging business owners to file electronically. How secure are online VAT returns etc and other digital business data?

  4. Benjamin says:

    All those security firewalls and security software really helped! I’m shocked that they didn’t even encrypt the data. Deep sigh.

Leave a comment


Listen to the sales podcast for SMEs Subscribe to the podcast on iTunes


If looking to boost your businesses performance with promotional marketing, travel incentives or incentive schemes get it touch with NDL Group