It seems that our glorious government (yeah, I know, the sarcasm will drip on the carpet…) has outdone itself once again. Having admitted twice already in recent days that it had “misplaced” the details of millions of British taxpayers, it has just had to admit to having lost the child benefit and bank details of, get this, 25 million people.
Yes, you read that right. Nearly half the population of our country has just been told that a CD containing (apparently) unencrypted copies of their personal data has been lost in the mail.
Why didn’t HMRC encrypt the data on the CDs? Why didn’t they send the data by encrypted e-mail? Or upload it to a secure server? Why did the National Audit Office not simply have access to the HMRC computer system?
(I’ll just add that I don’t think it’s fair on the basis of this almighty cock-up to criticise the idea of identity cards. If we’d had identity cards and a proper centralised database, there wouldn’t have been any need to send the data on blasted CDs in the first place. But it does show that whoever is in charge of the whole identity card and government database project needs to know what they’re about. i.e. Let’s not use the same people responsible for this debacle. Or the people the banks used to design their Chip & PIN system, which it turns out is not nearly as secure as it could have been.)