Digital Defences

ICO: HMRC breach - where were the tech safeguards?

"It isn't rocket science"…

By Tom Espiner

Published: 23 November 2007 08:53 GMT

In the wake of the largest-ever data breach to hit the UK, the Information Commissioner's Office has criticised the apparent lack of technological safeguards in government departments and called for "privacy-enhancing technologies" to be built into future projects.

The loss by Her Majesty's Revenue & Customs (HMRC) of two password-protected CDs containing 25 million personal details of those who claim and receive child benefit was a major blow for privacy, according to assistant information commissioner Jonathan Bamford.

Bamford said on Wednesday: "This is the biggest privacy disaster by our government. It's a bad day for those of us who care about privacy. Security lapses like we just found out about are very worrying, especially as we've had data-protection laws on our statute books for 21 years."

Bamford said much more could have been done in terms of privacy-enhancing technologies (PETs) to safeguard the information lost, which included the name and address of every child in the country.

Bamford, speaking at a conference in Westminster, said: "Why are we not using our ingenuity and expertise to develop privacy-enhancing technologies?"

The idea that someone could burn a disc of the whole child benefit database and had the capability, the access and the authority to do so "raises questions", said Bamford.

Bamford continued: "How you can have a system which allows you to copy a whole database onto a disk is of concern. Clearly there are issues about when the data was accessed and by whom. They should have had access controls and authorisation levels to make it physically impossible to burn a disc of the database without the say-so of the chairman of HMRC. Why isn't the technology there to do that? It isn't rocket science."

Ulf Dahlsten, director of emerging technologies and infrastructure for the European Commission, said that HMRC "needed to enhance its protection", and added the European Commission had issued guidance on the use of privacy-enhancing technologies.

Dahlsten said: "[HMRC] should have had the data protected. They should have encrypted the data and not allowed one officer to access and download the information. They also have to think about how they store the data."

HMRC needed an awareness-raising scheme about data security, Dahlsten said, but he added that the data need not have been linked to individual identities at all.

Dahlsten said: "It's a way of thinking. You can dissolve identity from a string of data and make that data anonymous. For auditing purposes, [the National Audit Office] didn't need the names of the people."

It emerged in Parliament that the National Audit Office had not in fact requested the names, addresses, dates of birth, National Insurance numbers and banking details lost by HMRC, but had just requested National Insurance numbers.

The government is currently in the process of implementing other database projects, including the National Identity Register for the ID cards scheme. Dahlsten warned against large databases which store a lot of data and have many people accessing them, as this "increases the chance of a data breach".

Tom Espiner writes for ZDNet.co.uk
