Insights from the UK and beyond
“Woefully inadequate”, “a muddle-through ethos”, “a lack of awareness” – just some of the phrases used in scathing reports to describe data protection practices at the HM Revenue and CustomsΒ (HMRC).
The inquiries followed Britain’s biggest data loss scandal, when two discs containing child benefit records, including names, addresses and bank details, of some 25 million people, went missing after being put in the post by a junior employee.
The reports concluded that it wasn’t individuals who were to blame – some 30 were officials played some role in events leading to the loss of the discs – but institutional and systematic failures at Britain’s tax authority.
But the HMRC is not alone in such security breaches. A separate report into a stolen laptop containing the details of 600,000 potential recruits revealed similar failings at the Ministry of Defence. In all, four MoD computers had been stolen since 2004 and the report said the MoD was probably in breach of several principles set out in the Data Protection Act.
Under the first, Children’s Secretary Ed Balls proposes that trouble-makers as young as 10 should sign a good behaviour contract . The “most challenging” among them will have to stick to the order or risk a criminal record.