To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://www.silicon.com/research/specialreports/digitaldefences/0,3800014341,39169238,00.htm

Gordon Brown orders data security spot checks
Stable door, horse, bolted?

By Andy McCue

Published: Thursday 22 November 2007

The government has agreed to data security spot checks across all departments by the Information Commissioner following the loss of 25 million records of child benefit recipients by HM Revenue & Customs (HMRC).

Prime Minister Gordon Brown said all government departments and agencies will also have their procedures for the storage and use of data checked by security experts.

During Prime Minister's questions in the House of Commons yesterday, he said: "We will give the Information Commissioner the power to spot check departments, to do everything in his power and our power to secure the protection of data."

Security A to Z

From antivirus to zero-day, click here for silicon.com's alphabetical guide to security.

The u-turn follows the rejection by ministers of similar proposals put forward by House of Lords Science and Technology select committee just a month ago. The government then said the current enforcement regime for data protection was "fit for purpose".

Brown also apologised to the 25 million people who have had their names, addresses, dates of birth, National Insurance numbers and, in some cases, bank account details compromised by the HMRC blunder.

He said: "I profoundly regret and apologise for the inconvenience and worries that have been caused to millions of families who receive child benefit."

But Conservative Party leader David Cameron hit back and said: "I have to say to the Prime Minister that if a junior official in an organisation can access so much information and send it not once, not twice but three times, that is evidence of systemic failure."

Information Commissioner Richard Thomas welcomed the powers to spot check government departments without the need for consent but he also called for data breaches of this scale to be made a criminal offence.

He said in a statement: "It is also important that the law is changed to make security breaches of this magnitude a criminal offence. At the moment I can take limited enforcement action but making this a criminal offence would serve as a strong deterrent and would send a very strong signal that it is completely unacceptable to be cavalier with people's personal information."

As the full story behind the HMRC breach continues to unfold, the Conservative Party is also claiming senior HMRC officials - and not the junior official blamed by Chancellor Alistair Darling - authorised the sending of the data.

The Tories claim the National Audit Office only requested "desensitised" data containing National Insurance numbers but were told by HMRC that it was too difficult and costly to separate this out. The government has hit back saying these claims are inaccurate.