Fighting Fit

Win a fitness package worth more than £3,000

Navigation - link to other main sections from here

Skip Navigation

From The Times
November 21, 2007

New data law 'urgently needed'

Rhys Blakely

Security experts called for an urgent review of the law following the loss of the personal information of 25 million Britons by HM Revenue & Customs.

Most damning, they said, was the apparent revelation that the data lost was not encrypted but merely password protected.

“A criminal could break into these files in a matter of minutes,” Simon Davies, a senior visiting fellow at the London School of Economics who specialises in data security, said.

One senior executive at a high street bank called the breach a "fiasco". He said: “You would never see a bank send data in the slapdash way HMRC did. To say we are disappointed is an understatement”.

Related Links

Mr Davies called the incident "the final straw and the latest in a long line of fundamental errors at HMRC".

He called for new legislation that would require bodies that lose information to inform members of the public who are placed at risk.

The Data Protection Act currently does not require companies to notify either the Information Commissioner's Office or those affected by the loss of data.

In September, a House of Lords committee repeated calls for a data-breach notification law following a report that detailed the findings of an enquiry into internet security.

Figures at the Metropolitan Police and the Information Commissioner's Office, in part responsible for upholding the DPA, have cautiously supported new measures though they have voiced concerns over who would police them.

Models for legislation would be likely to include California, where organisations are required to inform individuals immediately once they are aware of a loss of data.

Dr Gus Hosein of Privacy International, a non-government body that advocates for data protection laws, said that the UK is "the bad boy in the western world when it comes to data protection. It is the furthest behind".

He said the UK trails far behind companies such as Germany and Canada on the issue while 34 of America's 50 states have legislation in place.

Page 1 of 4

What is required is adherence to the simplest procedures of Data Protection.

See the blog at the British Computer Society.

It is important in regard to NHS data to distinguish between identifiabkle and non-identifiable data. It is most important, for example to study long term effects of medicines, that patient data are available to researchers. I know of no breach by medical researchers of the type of thing seen in HMRC.

S Evans, Hastings, E Sussex

With the potential disclosure of almost the entire national database of personal details, the only secure solution is to regenerate the 25 million files using new numbers.
No doubt this dysfunctional government will say that we must now have biometric data included with our identity cards, passports, NHS cards, driving licences and toilet paper.
Of course there is also the more sinister reason for 'losing' a copy of the information - nulabor government corruption and its social re-engineering agenda - but let the paranoid doom-mongers loose on the inevitable speculation.

martin brighton, sheffield, UK

Only earlier this year I contacted the Information Commissioner about a DPA breach at the Child Benefit Office but that office were not interested in my complaint -advising me, albeit on a different type of breach, that

'there is no strong indication of a related systematic data protection problem existing within HMRC'

Beggars belief!

Lynn, Sunderland,


The positive in this deeply depressing news is that the government is now under intense pressure to reform Data Protection Law and this desperately needs to be done. The question isn’t so much about what information the government has on various systems but who actually has access to this information. How can we be sure that they be trusted? What safeguards will there be? How will this prevent our information from falling into the wrong hands or being abused? All of this should have been resolved at least 20 years ago when Data Protection Laws were first being introduced. If it had then maybe the government wouldn’t find itself in the position it is in now.

Jason Mead, Bristol, England

There are some technological and procedural improvements that could reduce the risk of this sort of thing happening again but the real problem is that government doesn't understand privacy and the risks inherent in big databases.

The easiest way to avoid this kind of blunder is to simply not store or process private data unless absolutely necessary. I expect to hear about new laws and maybe more use of data encryption yet at the same time, the government wants to introduce "voluntary" ID cards and an extensive data collection system for anybody travelling in or out of the country.

After a blunder of this proportion, do any readers honestly believe that computerised medical records are safe from prying eyes? Have there been other government data leaks we don't know about? My guess is that Labour will come up with a new law and some improvements to reduce risks in future but the real problem is a meddling, intrusive, control freak government that is not fit for purpose.

Edward, UK,

This is a shamble. Nothing is working out for the government which is constantly slicing departments to cut costs but the side effective is compromising on efficiency. This issue is not mutually exclusive from Northern Rock where the Bank of England made substantial amount of loan to Northern Rock. Now the European Commission is saying that the payment, which is below the normal interest rate, is unlawful as the loan prevents customers move around to other banks and therefore preventing free competition. What the Commission is fundamentally arguing is that the loan litrerally has become a state subsidy which puts other companies at disadvantaged.

Ripon Ray, London, UK

Nice one Gov, I have to take an hour off work this afternoon to get my account number changed.

Phill, The Wirral, England

Failure to protect personal data is a breach of the Data Protection Act.

Go gettem! Lets see 7 million prosecutions of HMRC

Jim Broadhurst, Burnley, England

The auditors asked for this data? They are happy it is sent this way? Who are the auditors?

David Blaylock, Cockermouth, UK

I work for HMRC, guess when I foundout about this fiasco... 2.30pm!!! Says it all really!!! They knew this would be in the public domain by Tuesday morning as they spent all weekend updating the customer contact systems to prepare for the rise in customer calls from the worried public. Shows how little they care for the employees, let alone the tax payers!!!

Caz, West Midlands, England

And this is the Government who wants us to trust them with all our records and biometric data Imprinted on ID cards.
Fullproof security, I think Not!

Len, Argyll, scotland

Have your say

* Required

Also in Banking & Finance

Also in Industry Sectors

heatmap

Need to Know

Top business stories, daily business video and interactive heatmap

Money Central

Woman putting pound coin in model house money box

House price crash: Five experts predict how far prices will fall

    Career & Jobs 

    Multiple Choice Test

    What are you like?

    Take our personality, verbal and numerical tests

    Ask the boss

    Hans Wijers/Ask The Boss

    AkzoNobel boss Hans Wijers has answered your questions. Read them here

    Find a lawyer

    Scissors cutting through red tape

    Need legal advice?

    Take the stress out of finding a lawyer to help your business. Let them find you with our new matching service

    Most Read

    Skip Most Read

    Today

    MOST COMMENTED

    Skip Editor's Pick

    Today

    MOST CURIOUS

    Skip Most Curious

    Today

    Focus Zone

    Need to Know

    Need to Know

    Industry sectors news at a glance. Interactive heatmap, video and podcast

    Social Entrepreneurs

    Social Entrepreneurs:

    The inside track on current trends in the charity, not for profit and social enterprise sectors

    James Bond

    James Bond:

    Read our exclusive 100 Years of Fleming and Bond interactive timeline, packed with original Times articles and reviews

    business travel

    Business Travel:

    Everything the Business Traveller needs to know to make a better trip

    previous next

    Business tools

    The Singapore skyline pictured at night

    Business City Guides

    Overseas contacts and local business information

    Business services

    Popular Searches on Times Online

    bollywood news | chess | dating | fantasy football 2008 | fashion | london film festival 2008 | mortgages | music | need to know | podcasts | recipes | redundancy | savings | sudoku | university guide | us election | wine

    Shortcuts to help you find sections and articles

    Classifieds 

    Cars

    Skip Cars of the Week

    Saab 9-3

    05/2005
    £13,500

    Bentley Continental

    08/2008
    £109,950

    Mini Cooper

    2006
    £10,750

    Car insurance

    Great car insurance deals online


    Jobs

    Skip Jobs of the Week
    Director of systems development - server based gaming industry

    £Excellent+ executive benefits
    Torres and Partners
    London

    Head of International Programme

    £49,229 - £62,035 pro rata
    Charity Commission
    London/Liverpool/Taunton

    Project Director (m/f)


    Alstom Power
    Europe

    Director Roles

    Six Figure
    Rolls Royce
    Midlands/Europe

    Properties

    Holidays

    Skip Travel of the Week

    Be the first to stay

    At the new sophisticated
    Encore Las Vegas Resort!

    Funway Holidays Int Inc

    Cruise the Islands of Hawaii - Pride of America


    Advertise your holiday property online

    List your property with two leading travel websites


    Travel insurance

    Great travel insurance deals online


    Place your advert now