HM Revenue and Customs has promised to make its “best endeavours” to improve data security by 2011, in line with recommendations made in a key review.
Last year's Poynter review made a series of strict recommendations to improve HMRC's security, following HMRC's loss of 25 million people's records on computer discs in the post. The report called HMRC’s data handling “clearly woefully inadequate”, adding that it “simply wasn’t a management priority”.
HMRC's Autumn Performance Report has said a data security improvement plan, put in place following the review, and the department will make its "best endeavours" to implement the Poynter recommendations by the target date of 25 June 2011.
Steps taken so far include restrictions on portable devices such as CDs and USB memory sticks, on which data will only be saved “where there is a compelling business case to do so”. There are also limitations on bulk data transfers, only allowing the movement of “business critical” data, with tightened security and improved encryption.
Staff would also be held accountable for any data loss, HMRC insisted, and each section now has a data guardian, an “expert and champion for data security”. Employees have to attend data security workshops and they have been issued with a book containing security rules.
"It is essential that all of our colleagues know that data security is both an individual and a collective responsibility,” said HMRC chairman Mike Clasper in a foreword to the report. “A key step towards achieving this goal is clarifying what our senior leaders must do in their business area to effectively discharge their key accountabilities."
Separately, HMRC has also rolled out a number of key online services. Tax self assessment forms, and a validation engine for self assessment and pay-as-you-earn tax, were both launched in April last year, in “the largest online IT release in HMRC’s history”.
More people are now using the online forms, HMRC said, with over two million self-assessment tax returns filed on the web in the year to November 2008, a 38 percent growth compared to 2007. However, last week it emerged that fraudsters were targeting taxpayers with scam emails purporting to come from HMRC in the run up to the 31 January self assessment tax deadline.
HMRC said it has also made “substantial” investments in other IT systems. It expects to save £49 million this financial year from changes to its Aspire contract with Capgemini.