Saturday, January 26, 2008

One Rule for You - One Rule for Me

So would you trust HM Revenue & Customs (HMRC) with any sensitive information or even to be able to do its important job, consistently fairly and accurately? If the answer is 'Yes' I would be surprised.

In March, I'm chairing the ecrime congress again and we'll hear how much worse the online crime problem has become and what is being done to tackle data theft and data loss by government and large companies. This year we have David Davis, the Shadow Home Secretary, the Directors of the US Secret Service and FBI, several large banks and ironically, the head of the French computer crime unit, making their point. I wonder if the French will have found the missing Société Générale trader by then?

Anyway, from this year, anyone wishing to file a self-assessment tax return after October will have to do so online or face stiff penalties, which is unfortunate if you are still one of the 20% of the population who stubbornly refuse to use the internet.

Worse still, is the news that if you aren't really important; an MP perhaps or a fottballer or a Prince or maybe even a Russian plutocrat, HMRC has admitted that it can't really guarantee that your financial data is secure, so you won't have to file onlike like everyone else. In a statement, HMRC said:

"HMRC online services are designed with security as an integral part of the service. We use leading technologies and encryption software to safeguard data and operate strict security standards.

"A tiny minority of individuals' records, including MPs, have extra security measures over and above the very high standards of confidentiality with which HMRC treats all taxpayers' data.

"The separate arrangements mean they are unable to use the online service."

Read into this what you may but I certainly wouldn't trust HMRC with 'any' sensitive information, given their appalling track record and cavalier attitude to the data protection legislation to date. The expression, 'Unfit for purpose' springs to mind and I will certainly let you draw your own conclusions from that.

4 comments:

Anonymous said...

Reading the headline to this post "One rule for you- One rule for me" I thought for a moment that the Doc must be 'posting' about the strict planning rules for us (Queen Street uvpc windows described as "effectively vandalism" by Planning Officers) and the 'waived' planning rules for TDC and Broadstairs TC ( really serious vandalism at Stalag Culmers Land).

How disappointing to read on and discover its about on-line lack of security; he has a point though. No way would I trust my data on-line to a Goverment Organisation.

chris wells said...

Actually, I believe Broadstairs Town Council has the planning ability to make minor changes to its land....however, joking aside, I think a bit of a bollock has been dropped here, Cllr Cameron, and Hayton, as Ward Councillors, and myself are all talking to the various parties to seek a resolution, as is Cllr Crotty and others. Obviously such discussions cannot all be public, but equally obviously any outcomes will be made public. I can say no more than watch this space, we are trying.

Anonymous said...

I can vouch for that and support Cllr Wells comments. We also need to remember that our Councillors are actually trying to do their best for the people of Thanet in their own time and whilst having to earn a living!
A big problem has been created in Broadstairs largely un-intentionally and for the best of motives (urgent allotment security) and without the full realisation of what was happening until it was done.

Cllr Wells is too loyal and quite rightly so to suggest where responsibility lies but a lot of time and effort has already and will be expended to put it right by our elected representatives.

Cllr Wells is quite right in saying that TDC and Broadstairs TC do not need to gain planning consent for 'minor works' on its own land (Culmers Land is held in trust by Broadstairs TC). The interpretation of 'minor' in this case beggars belief but if a review of procedures results, at least such problems might be avoided in future.
Better get back on topic and comment on e-security or the Doc will be at me in the morning; yes don't trust Government and lets not have ID cards.

Matt B said...

I've said it once. I shouldn't need to say it again - the quality of government IT infrastructure and training is such that the word pathetic would be complimentary. Especially as the average script kiddie can do a better job in one day with nothing more than a broadband connection and a little spare time:

http://lordmattandyou.com/open-letter/Open%20Letter.html