U.K.'s lost CD data not filtered due to cost

By Andy McCue, Special to ZDNet Asia
Monday, November 26, 2007 03:40 PM

E-mail messages released by the U.K. National Audit Office reveal that, because of the extra cost it could have incurred, Her Majesty's Revenue & Customs did not strip out bank account and other sensitive details contained on the two CDs that have gone missing.

The National Audit Office (NAO) has released the details of an e-mail exchange between the NAO and the junior manager at Her Majesty's Revenue & Customs (HMRC) responsible for sending the CDs containing 25 million child-benefit records. A senior HMRC manager was copied in on the e-mail messages, although both sides agree the senior manager was not responsible for making the decision to send the data in this way.

The first e-mail exchange relates to the NAO's request for national insurance numbers from the child-benefit database for the 2006/07 audit.

At 08.20am on March 13, 2007, the junior HMRC official sent an e-mail to the NAO attaching a data scan and sample of the data extracted from the child-benefit database by IT services company EDS.

Later that day at 14.41pm, the NAO official sent an e-mail reply asking for the data to be filtered. The e-mail said: "I do not need address, bank or parent details in the download--are these removable to make the file smaller?"

The HMRC official responded at 15.23pm, writing: "Your original request was for a 100 percent scan of the data, and fortunately a scan was complete earlier this year, and we have shared this with you at no additional cost to the department. I must stress we must make use of data we hold and not overburden the business by asking them to run additional data scans/filters that may incur a cost to the department."

That data was sent without being filtered, in 100 zipped files on two CDs, but did arrive safely at the NAO. Then, in October, the NAO made another request for the same child-benefit data for the 2007/08 audit.

An e-mail on October 2, 2007 from the NAO to the HMRC official said: "Please could you ensure the CDs are delivered as safely as possible due to their content."

Those CDs were sent on October 18 by HMRC to the NAO but never arrived and are still missing.

The e-mail messages will heap more pressure on the chancellor of the exchequer, Alistair Darling, who failed to mention the details of this e-mail exchange in his statement to MPs on Tuesday, despite it being included in the briefing paper to him from the NAO.

HMRC declined to comment while the police investigation is ongoing.

The full e-mail exchange can be viewed on the NAO Web site.

Andy McCue of Silicon.com reported from London.

