HMRC email rejected filtering of sensitive data

Emails released by the National Audit Office (NAO) reveal HM Revenue & Customs (HMRC) did not strip out bank account and other sensitive details contained on the two CDs that have gone missing because of the extra cost it could have incurred.

The NAO has released the details of an email exchange between the junior HMRC manager responsible for sending the CDs containing 25 million child benefit records and the NAO, with a senior HMRC manager copied in on the emails - although both sides agree the senior manager was not responsible for making the decision to send the data in this way.

The first email exchange relates to the NAO's request for National Insurance numbers from the child benefit database for the 2006/2007 audit.

silicon.com's Full Disclosure campaign - what we are asking for...

silicon.com wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors.

We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers if there is a chance the breach has put individuals' sensitive personal data at risk.

We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below, emailing us at editorial@silicon.com.

At 08:20(GMT) on 13 March 2007, the junior HMRC official sent an email to the NAO attaching a data scan and sample of the data extracted from the child benefit database by IT services company EDS.

Later that day at 14:41(GMT) the NAO official sent an email reply asking for the data to be filtered. The email said: "I do not need address, bank or parent details in the download - are these removable to make the file smaller?"

The HMRC official responded at 15:23(GMT) and said: "Your original request was for a 100 per cent scan of the data, and fortunately a scan was complete earlier this year, and we have shared this with you at no additional cost to the department. I must stress we must make use of data we hold and not overburden the business by asking them to run additional data scans/filters that may incur a cost to the department."

That data was sent without being filtered, in 100 zipped files on two CDs, but did arrive safely at the NAO. Then in October the NAO made another request for the same child benefit data for the 2007/2008 audit.

An email on 2 October 2007 from the NAO to the HMRC official said: "Please could you ensure the CDs are delivered as safely as possible due to their content."

Those CDs were sent on 18 October by HMRC to the NAO but never arrived and are still missing.

The emails will heap more pressure on Chancellor of the Exchequer Alistair Darling, who failed to mention the details of this email exchange in his statement to MPs on Tuesday, despite it being included in the briefing paper to him from the NAO.

HMRC declined to comment while the police investigation is ongoing.

The full email exchange published by the NAO can be viewed here.