HMRC Data Loss Fallout Has Commentators Questioning ID Card
HMRC Data Loss Fallout Has Commentators Questioning ID Card
November 23, 2007: The lost HMRC records making waves over the last week is resulting in not only the potential exposure of private banking details and major embarrassment for the department in question, but it is also dragging the UK government’s ID card push into the spotlight once again, with many commentators asking whether the government can be trusted to safeguard private information.
Security measures for the government’s upcoming £5.6 (AU$13.19) billion ID Card system and national security register have been seized upon by critics in the wake of the HMRC’s data loss, with some commentators and members of parliament claiming that the UK government simply cannot be trusted with large, centralised databases of personal information.
Chancellor Alistair Darling has blamed an unnamed junior official at the HMRC for acting against policy when the discs were sent, however, Shadow chancellor George Osborne has asked Darling straight out if he agrees that the breach marks “the final blow to the government’s ambition to create a national ID card” as it illustrates that the government “simply cannot be trusted with people’s personal information.”
With upwards of 25 million records containing bank details, addresses and other confidential information missing, the HMRC’s data breach is the largest in the UK’s history.
Australia’s own national identity card has struggled to even get on the runway, let alone into the air whenever it has popped its head up. This situation has been noted by some in the UK, including conservative MP Peter Lilley who asks, as the national database behind the ID card exists purely to facilitate the transfer and aggregation of information between many government departments, can the security of its information be assured?
Lilley questions whether the UK government should even proceed with that ID Card “without first carrying out a proper review of the privacy implications, especially in the light of the fact that the Australian proposal for an identity card foundered precisely on concerns about privacy.”
The UK government is not shying away from its ID card plans, however, claiming that the system and the underlying national security register will be designed “afresh” with even more checks and balances.
“Security is absolutely crucial to the ID cards scheme and measures will have to be assessed by the government’s security advisers before it can start operation,” said a spokesperson for the Identity and Passport Service (IPS) according to computerworld.co.uk.
To force through this idea of security, extra powers will be given to the body overseeing the ID card system, the Information Commissioner’s Office (ICO), plus there will also be a secondary independent commissioner appointed to regulate the IPS.
The two will reportedly work together, leaving the IPS spokesman saying that if anything goes wrong, “two sets of bricks will come down on us”.
The government says the new system will also hold only core identity information and biometrics, and will not have any tax, benefit or other financial records stored. Biometric and biographical information will also be stored in separate databases.
These extra measures are not likely to satisfy privacy concerns, however, as at the end of the day large volumes of personal information is still being held in central locations. By centralising citizen information and increasing the number of departments that have access, the more chance there is of calamity.
And really, what good will “two sets of bricks” coming down on a department should another breach happen do? They certainly won’t turn back time and make the breach not happen.
Comment on this story