The review of the data loss fiasco at HM Revenue and Customs will report within three weeks on the “exact circumstances” that led to 25 million people’s personal and bank details being lost in transit to the National Audit Office, the Treasury has promised.
Chancellor Alistair Darling announced the review in a statement to the Commons earlier this week. It will be carried out by a team from PricewaterhouseCoopers, led by the firm’s chair, Kieran Poynter.
The Treasury’s announcement of terms of reference for the review follows publication by the NAO of email correspondence showing that HMRC had been reluctant to filter out bank details and other confidential information from the information it sent to the audit body because this would have cost it extra.
The Poynter review will be carried out in co-operation with the Independent Police Complaints Commission and the information commissioner and will “take into account” the current investigation by the Metropolitan Police.
The review will probe HMRC’s practices and procedures for handling and transferring confidential data on taxpayers and benefit recipients, the way these procedures are communicated to staff and the safeguards in place to ensure they are adhered to, the Treasury said,
Poynter’s team will also look into why HMRC’s procedures failed to prevent the loss of confidential data.
The review will report by 14 December and make interim recommendations on any further urgent measures that HMRC should put in place to safeguard its data.
A fuller report in the spring will consider the wider implications of the HMRC debacle and how the department’s procedures can be strengthened in future.