To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://www.silicon.com/publicsector/0,3800010403,39211282,00.htm

600 HMRC workers caught snooping
Staff looking at "personal" and "sensitive" data

By Nick Heath

Published: Thursday 01 May 2008

The government faced condemnation after it emerged that 600 staff at Her Majesty's Revenue & Customs (HMRC) have been disciplined for snooping on personal data.

The revelation by Treasury minister Jane Kennedy in a written answer to parliament showed that 192 staff had been disciplined last year, 180 in 2006 and 238 in 2005.

The HMRC has discussed 11 data security incidents involving customer information with the Information Commissioner's Office since April 2005, has stopped data transfers unless there is a business critical need and now demands adequate security protection for the transfer of bulk data on removable media such as CDs and memory sticks, she said in a separate answer.

A shadow home affairs spokesman said: "It's shocking that so many public officials have been sacked or disciplined for abusing people's private details.

"It underlines why we believe that the reckless handling of personal data by government officials should be made an offence."

The House of Lords recently backed a motion to make the reckless loss or distribution of data a criminal offence.

Full Disclosure campaign

silicon.com is aiming to make businesses and government take data security more seriously. Read more here.

Kennedy said the breaches related to less than one per cent of just over 90,000 staff.

She said in her written answer: "HMRC has a strict policy forbidding staff to access customer records, unless they have a legitimate business need. Breaches of this policy are taken seriously."

The government-commissioned Poynter Review of the breach that led to the loss of 25 million personal details after a junior employee posted two CDs to the National Audit Office is expected to be published imminently.

Kennedy also said the data guardians brought in to shake-up data security at the HMRC did not have power to operate outside of the existing HMRC chain of command and that business unit directors and the HMRC chairman retained ultimate responsibility for data security.