The lamentable, if not unexpected breach of data protection by HMRC todaay raises different issues for me than the headline grabbing loss reported by the media. For me the issue is how any one single person is allowed to download data on to CD without multiple signoffs. In my opinion there is no way this kind of data, let alone the quantity should be just downloadable by any member of staff below a very serious rank, and even then only with sign off by one or more other independent data guardians thereby re-inforcing the seriousness with which this data should be handled.
Really the government should use this disaster as a way to really shake up data protection mechanisms re-inforced by law. I also believe that this data, wherever held, is my possesion and not someone elses to give away. Sepcifically I believe that this data should not be aggregated in this way either by government or other third parties. If you take out any of the services from experian, equifax etc to look at your credit profile online you will see that these ‘aggregations’ have all sorts of data including credit limits, balances and payment history. This should just not be available in this format, its a recipe for disaster. The government should enable all citizens, especially those who really care to be the custodian of their data and not an unaccountable third party.
I’m sure the government won’t do anything as helpful as this, and I fully expect another damaging leak to happen not far down the road because personal data is just not being protected properly.
