Save content
Have you found this content useful? Use the button above to save it to your profile.
Guide
Sponsored

Private sector IR35 reforms: Updated guide

ir35

Industry insights

The R&D Community

Changed qualifying costs in the Merged R&D Scheme

Randd_mono_logo
Mercia

Corporate Crime: FOI Reveals Live Investigations

Mercia mono
Dext

Dext's Tax Talks series continues..

Dext logo
View more
AIA

Printing error causes new HMRC data breach

by
27th May 2010
6 comments
Save content
Have you found this content useful? Use the button above to save it to your profile.

HMRC has apologised for a data security breach in which tax credit claimants received other people’s personal information.

The Register website broke the story after a reader alerted them to a tax credit notice that contained details of two other recipients’ work, childcare and pay details.

A few days later, a letter arrived by HMRC director of tax credits Paul Gerrard apologising for the error and including a stamped, addressed envelope for the claimant to return the misprinted notice.

HMRC commented: "HMRC takes data security extremely seriously. Unfortunately an error has occurred in one of the tax credits print runs causing some customer information to be wrongly formatted. Investigations are underway to identify the cause of the problem and we will be contacting affected customers in writing this week, apologising and providing a corrected award notice. An initial analysis shows that ID theft could not result from this printing error."

According to The Register, 50,000 tax credit notices had been dispatched, but HMRC was not able to confirm how many had been misformatted.

The latest data mishap revives memories of the incident in November 2007 when the confidential details of 25 million Child Benefit claimants went missing on two CDs. Chairman Paul Gray resigned over the breach and an enquiry headed by PwC senior partner Keiran Poynter subsequently put forward 45 recommendations to address the department’s data protection weakspots.

Tags:
Save content Leave a comment

You might also be interested in

General practice

Accountancy firms hit in £2.28m AML clampdown

by
Any Answers comment Icon 2
Money being washed | AccountingWEB | Accountancy firms fined in HMRC's £2.28m clampdown on money-laundering
HMRC & policy

Over £100m in dividends deemed income not capital

by
Any Answers comment Icon 4
image of map of jersey | accountingweb | £100m+ dividends received from Jersey company were income not capital
Guide
Sponsored

Everything you need to know about AML measures

Sage guide: Everything you need to know about anti-money laundering New
The R&D Community

Changed qualifying costs in the Merged R&D Scheme

Randd_mono_logo

Replies (6)

Please login or register to join the discussion.

avatar
By janice33rpm
27th May 2010 17:16

Data Breach: In the realm of risk, unmanaged possibilities beco

Great article highlighting the need for everyone to have a much higher computer/data security awareness.  Check a (free) blog, "The Business-Technology Weave" (can Google to it) - it reflects what this article is saying.  The blog author also has a book we use at work, "I.T. WARS" (you can Google that too).  It has a great Security chapter, and others that treat security.  Highly recommended.  Great stuff.  As that author says, "In the realm of risk, unmanaged possibilities become probabilities."

Thanks (0)
John Stokdyk, AccountingWEB head of insight
By John Stokdyk
27th May 2010 17:36

To what extent is it a data security breach?

The point has been made to me that this wasn't so much a data protection error as a mechanical/human mistake in the printing process (for example, the pages came out of the printer in the wrong sequence and were placed in the wrong envelopes).

They may have a point, but the episode also proves the old adage that to err is human, but to really screw up you need a computer.

Thanks (0)
avatar
By User deleted
27th May 2010 17:43

Anyway what price security/privacy with Google

Interesting that you refer to looking up information on Google - perhaps the most invasive organisation on the planet

Here are just a few of the Google little gems

http://precursorblog.com/content/what-private-information-google-collects-a-one-page-fact-sheethttp://www.telegraph.co.uk/technology/google/7763461/Google-Street-View-single-biggest-breach-of-privacy-in-history.htmlhttp://blogs.computerworld.com/google_voice_press_1_to_invade_your_privacyhttp://beyondthecurtain.wordpress.com/2010/05/20/google-debates-face-recognition-technology/http://www.realconspiracytheories.com/tag/facial-recognition/

So next time you use Google just remember all this - their tentacles are long and far reaching

Just to round off the circle - what happens if they acquire FaceBook etc. - they can then join up all the dots .....

So what price security when most of us don't have a clue about what's going on anyway?

Thanks (0)
avatar
By User deleted
27th May 2010 17:47

Paper out of the printer in the wrong order

John

If the names/addresses were printed on the output paper (reverse side) & window envelopes used then this could not arise because there would be no matching required

Thanks (0)
avatar
By janice33rpm
27th May 2010 19:51

Content is Content, Data is Data

A data breach does not have to be purely a "systems" problem.  Human error is the most common origination of data breaches.  Any data in the organization is content, whether electronic, paper, disk, tape, etc.  When content is exposed, such as data going to the wrong recipients, it is a data breach.

Thanks (0)
avatar
By cymraeg_draig
28th May 2010 00:11

Hypocrisy

When HMRC get it wrong - it's an ERROR.

When we get it wrong - its NEGLIGENCE.

Perhaps HMRC should pay a £100 fine to everyone whose data was the subject of this "error".

 

 

Thanks (0)