Posts Tagged ‘privacy’

Tax CD-ROM fiasco

November 23, 2007

An abridged version of this appeared in the Guardian newspaper’s letters page today

As chance would have it a major EU-sponsored conference on privacy, identity and technology was taking place in central London yesterday, as news broke of the UK’s tax CD-ROM fiasco. I was one of a hundred or so experts from across Europe from a wide variety of technology, research, and legal backgrounds who were debating these issues.

Whilst the discussion at the conference raised many pertinent points about technology and data protection, mainstream news reporting has centred on whether cost cutting within HMRC is to blame. Personally, I find this rather disappointing. No doubt this is great fun for political point scoring, but basic data protection measures cost little if any money, in terms of staff time (which is where the debate has focused), to implement.

For example, why was even the most simple data encryption not undertaken? Why in the age of the Internet and highly secure Government data networks are CD-ROMs flying about between different parts of the public sector. Sending a disc by TNT post surely costs more than using a data network.

It should also be borne in mind that none of this is new. As Jonathan Bamford, from the Office of the Information Commissioner, pointed out in his speech to the conference, the data protection framework that is supposed protect citizens’ private data in ICT systems has been in place for twenty years. I think that in the Tax CD-ROM case there seems to be some evidence that this was ignored, possibly with the knowledge of senior managers.

All of this means that there is a pressing need to address the lack of public confidence in the Government’s ability to protect our personal data. Jonathan Bamford made reference to the latest survey undertaken by the Office of Information. This shows that protection of personal information was ranked, by the general public, as their second highest concern—just below fear of crime. This survey was taken before yesterday’s events and placed privacy concerns above worries about the health and education systems.

Data protection of citizen’s information should be hardwired into the DNA of government departments and agencies. It clearly is not, judging from this case. Until it is there should be no more talk of a national ID system.