It seems that HMRC are having yet more problems maintaining and protecting important records, not for the first time either, which has today lead to the the Chairman of HM Revenue & Customs Paul Grey resigning. It has not been confirmed if other HMRC staff directly responsible for the lost of such important data have also been held to account. 

The resignation is over the issue of lost computer disks containing personal details of 25 million individuals and around 10 million bank accounts in relation to Child Benefit.

Records included names, addresses, dates of birth, national insurance numbers.

The Chancellor of the Exchequer, Alistair Darling, today confirmed that the discs had been lost whilst being transported to the National Audit Office by unrecorded and unregistered post. 

The records were posted by a junior member of HMRC staff and on finding the records did not reach the National Audit Office HMRC was kind enough to post them a further copy although the second time they were posted recorded delivery which the Parliamentary Statement confirms is still incorrect proceedure.

You might think this is April the 1st? Unbelievable?  

Not really as this is not the first offence.

Mr Darling has started to the House of Commons today:

"In addition, the House will be aware of other data security breaches by the HMRC, including at the end of September the loss of records of around 15,000 people in transit by HMRC's external courier and in the same month, a laptop and other material containing personal details relating to HMRC customers was also lost."

Click here for the link to the Parlimentary Statement.

It would seem that this is a clear breach of the Data Protection Act if you want to make a complaint to the Information Commissioner here is the link to the form - click here if you are concerned about your own records.

There are heavy fines for breaching the Act and even imprisionment the Information Commissioners website states:

"Persistent breaches of the Act

A data controller who persistently breaches the Act and has been served with an enforcement notice can be prosecuted for failing to comply with a notice. This offence carries a maximum penalty of a £5,000 fine in the magistrates' court and an unlimited fine in the Crown Court."

Mr Darling commented today:

"I have kept the Information Commissioner informed. It is highly likely that there have been breaches in the Data Protection Act. That is something the Commissioner will investigate."

The public will have to wait and see if any action is actually taken by the Information Commissioner as now this is at least the third breach of security by HMRC in a matter of months, that they have admitted to, and clearly no lessons have been learned from previous errors and the personal security of taxpayers does not, on the evidence to date, seem to be taken at all seriously by HMRC i.e. repeated breaches of security. Whether HMRC will now be served with an enforcement notice by the Information Commissioner is the question or will we have to wait for the next breach of security?