The Poynter report into the HMRC data breach is published today, though I haven't yet been able to find the text online. This is one of those cases where a problem emerges, an enquiry is launched, and the responsible minister (Alistair Darling, as Chancellor) immediately deploys the "let's wait for the results of the enquiry" measure as the simplest means of deferring embarrassing questions until (hopefully) the crisis fades from the public consciousness.
Except that, in the internet age, that isn't how it works. These days, all we have to do is type "poynter report" into a search engine to get instant access to the story. For example, from December 17th 2007, here's The Register on Darling's immediate defence, and here's thisislondon on the same day, reporting Ruth Kelly's announcement of a further data breach at the DVLA...
Apparently a key finding of the report is that the loss arose from "serious structural failings" including poor communication between staff and managers, low morale, and inadequate training. This is somewhat at odds with the Chancellor's assertion at the time, when he laid the blame on a junior staff member who acted "contrary to all HMRC standing procedures".
I assume that "structural failings" would also include the strange equation by which it's 'better' for that employee to jeopardise 25m citizens' records than to ask his or her manager to approve the £5,000 expenditure which would have 'pruned' that data down to what was actually being asked for by the receiving department...
That theory tallies with another quote I have found so far from the Poynter report:
"Few members of staff appreciated the highly sensitive nature of the information contained on the two discs - and those who voiced concern were ignored."
It will be interesting to see what the full report has to add to that.


