HM Revenue and Customs has apologized following the loss of sensitive financial information

The current episode relates to the Personal Equity Plan (PEP) customers of the investment bank UBS Laing and Cruickshank. A CD containing the information was sent to a ‘local office’, as requested by HMRC, but it appears a lack of adequate procedures meant that HMRC does not now know the whereabouts of this CD. UBS states that there were only a small number of investors details on the CD, and has offered to change account numbers in a written notification to all those affected. HMRC has apologized to UBS and its customers.

In the previous incident, the software that HMRC was using to cleanse its database of old cases could not distinguish between old and live records, and consequently there are 364,000 people, who cannot be identified, who are owed UK£82 millions by the UK Government (UK£259 per person on average), and a further 22,000 have not paid UK£6 million of taxes that were due.

The seventh principle of the UK Data Protection Act 1998 states:

Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

The apology by HMRC is a clear statement that it has broken the law, and surely following the earlier data loss it should now be prosecuted by the Information Commissioner.

Public bodies who are charged with looking after records on behalf of the nation, should not be allowed to play ‘fast and loose’ with those assets. Perhaps it is only the publicity of a court case that will really focus civil service minds on the fact that they are responsible for the information we give them.

Source: OpinionWire by Butler Group (www.butlergroup.com)