Thursday, November 22, 2007

A day's a long time in politics

When Dave wrote it (two days ago - I apologise for the title of this post - poetic license) this was a reasonable, if overly generous, account of what had gone wrong at HMRC. Now it looks like pretty much every argument in Darling's defence is completely invalid. At the same time it is becoming very apparent that this mistake will prove expensive for customers, banks and, when someone claims for compensation, the taxpayer. He might get away with it if the discs are found within the next few days and could hang on regardless but Darling should resign:

1) It wasn't just a random mistake

  • It was a decision that senior staff were aware of.
  • It wasn't the only such incident. 2,111 data protection breaches in the last year.
  • Junior staff shouldn't have the ability to do this sort of thing.
2) The Government bear a large measure of responsibility for organisational failure at the HMRC

  • There's nothing wrong with trying to slim the staff at a government department, operations can often be simplified and the need for massive bureaucracy reduced. However, combining staff cuts in the same department with a messy merger, the massive complexities of new IT systems and the ongoing debacle of an overly complicated tax credit system is a recipe for disaster.
  • The Government was warned that there were serious problems with data protection within Government departments. They ignored those warnings.

3) Darling's defence for the delay in letting everyone know the data was gone appears desperately weak

He said it was to give the banks time to prepare but why was there a delay before he told the police and then a further delay before he hold the banks? Why do the banks deny that they asked for time to prepare?


Dave Cole said...

Can we see the figures that led to the figure of £216m?

In answer to (1), that may be so, but the TPA was criticising the amount that HMRC's CIO was being paid a couple of years ago.

In answer to (2), if junior staff were able to do it, it's a screw up in the measures in place and would be the government's fault. If it were senior people that had contact with ministers but didn't raise the issue with ministers that allowed it to happen, the problem is within the civil service management structure, which is a slightly less clear-cut case.

In answer to (3), I suspect that it was the 'are you sure you've checked?' syndrome.

None of this makes it any better. It's bad.

All of the way down, though, it highlights the need for better awareness of data protection issues. How did the story about the 2,111 breaches come about? FoI?

I'm going to go and hide in a corner until the CDs are found. If I'm not back by Tuesday, send a banana cream pie.

Matthew Sinclair said...

I think the working is described in a few of today's papers. Not in the office thanks to my ongoing cold I'm afraid.

1) I don't see the relevance.

2) If it is senior officials that makes structural problems at HMRC far more likely candidates for the cause of all this. That means it isn't just random error. That means the Government should have been listening to the warnings and paying more attention to earlier failings.

3) Why was Darling making up bank demands for a delay then?

I'm not sure how the Tories got the 2,111 number. Could be in the HMRC annual report. I doubt they're major events. We do know there have been a good half dozen major errors reported in the news relatively recently.