Philip Webster, Political Editor, Sean O’Neill and Rhys Blakely

The sensitive personal details of 25 million Britons could have fallen into the hands of identity fraudsters after a government agency lost the entire child benefit database in the post.
A major police investigation is being conducted after Alistair Darling, the Chancellor, admitted yesterday that names, addresses, birth dates, national insurance numbers and bank account details of every child benefit claimant in the country had gone missing.
The confidential material is on two CDs that were placed in the post by a junior employee at the HM Revenue & Customs office in Tyne & Wear more than a month ago and have not been seen since.
The Chancellor and the Prime Minister have known about the loss since November 10 but there were concerns last night that the police were not told for a further five days and the banking industry was not alerted until last Friday.
The catastrophic breach of personal security led to the resignation of Paul Gray, the chairman of HMRC, and called into question the Government’s competence, especially its ability to manage an ID card system in the future.
No evidence of criminal activity has been detected but Scotland Yard has appointed an expert in organised crime to head the investigation. Acting Assistant Commissioner Janet Williams is heading a team of 12 officers who are combing Government offices for the lost data. The Serious Organised Crime Agency is also advising on the potential criminal abuses of information about the identities and finances of 7.25 million British households.
Equipped with such detail, identity thieves could plunder bank accounts, obtain credit cards and take out fraudulent loans. Households were advised last night to monitor their bank accounts carefully for signs of irregular activity and, if necessary, to obtain credit reports.
The banking industry has upgraded its fraud detection systems to keep a constant watch on all accounts into which child benefit is paid.
Bankers reacted angrily to a suggestion by Mr Darling that he had delayed his announcement because the financial sector was “adamant” it needed time to prepare. A senior City source said: “By 9.30 on Monday we were ready to run. It is hard to fathom why any suggestion was made that any delay was down to us.”
Mr Darling told the Commons that the information should never have left the HMRC offices and its transfer in unregistered mail was against all procedures. He said the missing data was not enough in itself for someone to access an account for fraudulent purposes because passwords and pin numbers were required. But he apologised to the country for what he described as an “extremely serious failure on the part of HMRC to protect sensitive personal data entrusted to it.”
Richard Thomas, the Information Commissioner, said: “This is an extremely serious security breach.”
DVLA have now lost 2 discs containing 7685 records.
I have received a letter of apology today saying that information about myself and my vehicle were on these discs. They were being sent to Swansea via Royal Mail and the package was able to be tracked but they have gone missing at the Royal Mail's central parcel depot in Coventry.
Is this just a coincidence or is something more sinister at hand?
Joanne, Co.Antrim, United Kingdom
Call a general election now!
RobD, Bracknell,
If this sort of security breach happened in the private sector then the government would insist that heads roll and they would impose financial penalties on the firm concerned.
Q - So what are they going to do to themselves?
A - Nothing!
Is this yet another case of Labour duplicity?
MH, Bedford, Bedfordshire
Memorandum to HM Passport Agency.
Please send all records (for statistical purposes only, honest) to our contractors c/o The International Audit Office, PO Box 666, Kandahar, Afghanistan.
Thanks in advance,
A. Clerk, Jnr.
Mike, Chippenham,
Brown and co have taken the meaning of the word incompetence to a whole new level. How can they possibly lose data on 25 million people? Is that even possible?
They are more than happy to tax us until our wallets are empty, but they cannot make sure that our personal details are taken care of. This country is turning into a sinking ship, thanks to Labour. Brown can kiss the next election goodbye because I for one will make my views known during that election.
Jessica, Coventry, UK
Aside from management issues of the data loss which have been commented upon by nearly all your correspondents, I am astonished that in a country that has very nearly full employment, there are 25 million people - half the population - claiming/entitled to child benefit. Twenty-five million! No wonder Britain is a nanny state!!
J.J.Kennedy, Vives, France
It takes a receiver as well as a sender. There must be people in the National Audit Office who agreed to this multiple bungle and those people don't deserve a medal either. How about it?
ian gowans , London, UK
Sir,
How long before every paedophile in Britain has access to this lost, stolen or sold information? How long before a simple online search can find every 10-yr-old girl (or boy) in your neighbourhood? The utter incompetence of this administration has put far more than our bank accounts at risk.
Robert Firth, Singapore,
I agree this is gross incompetence on behalf of a junior member of staff and their supervisors. As for all the banging on about 'public sector' - don't you remember that a few months ago Nationwide Building Society was fined after a member of staff downloaded 11m customers' details onto his laptop and it was then 'stolen' from his home? Also let's bear in mind that 100% of IT work is now outsourced to.. you guessed it... PRIVATE sector! And if you ask me, it's the company who wrote the database who are at fault for not making it secure enough. I work at a University where we have thousands of alumni details on our database (which incidentally was written by a member of Uni staff on a normal salary, not some inflated multi-million contract). Our system requires individual passwords and each person can only access certain areas of the data - and NOBODY can migrate or download the data without various individuals enabling this to happen. It ain't foolproof, but it's not far off!
June Flatwood, Newcastle, UK
There is no way that the data for 25 million people could be stored on two CDs as there is just not the capacity to hold this volume of data?
Ray Monk, Norwich, UK
Something doesn't add up here. A CD holds 700 Mb of data, two will hold 1400 Mb. If there are 25 million people, by my reckoning that will make just 56 bytes per person, hardly enough to cover "names, addresses, birth dates, national insurance numbers and bank account details". Either a lot more disks went missing, or somebody is spinning the amount of data lost.
Paul, High Wycombe, UK
So, it is apparent that the biggest threat to our safety and security is actually the Government. I expect, however, no Minister will lose his job.
Freda, Gloucestershire, England
Total and disgraceful incompetence.......no change there then.
Isn't it time Nulab went?
Mike, London ,
P R Johnson, Richmond-on-Thames - my thoughts exactly!
Anna, Birmingham, UK
The idea of public sector IT security is a myth. There are plenty of so-called civil servants and external IT contractor personnel capable of (and willing to) hack into the databases held by their departments. It's well known that the entire DVLA database is in the criminal domain which is why cloned cars are so common. Anyone who thinks that copies of the NHS database aren't held by the drugs companies is living in cloud cuckoo land.
The fact that someone can burn a sensitive database on to a couple of CDs and 'pop 'em in the post' comes as no surprise.
Tony Jones, Grantham, Lincs
First - extract Customs & Excise out of the stupid merger that the latest PM's disaster created.
Second - kick out this expensive and error-prone government.
Third - voluntarily recompense all those innocent families for the devastation this idiotic error is going to cause them. That is, before they ALL sue the government for one of the most crazy errors in memory!
Ray Pressnell, Morecambe, England
I worked for a private company for many years that was contracted to write the software and manage the databases of a very similar demographic of people within local government. If this incident at HMRC raises eyebrows, you'd be absolutely flabbergasted at how the information we dealt with was managed. The thin veneer of policy and procedure is brushed aside by the need to have to do lots of things quickly and make plenty of money. The potential for this type of data to be stolen to order without a trace being left is far more serious than the consequences of it being lost in the post and accidentally falling into the hands of opportunistic criminals who don't have the faintest idea what to do with it. This incident is an easily digestible scandal with a clear culprit. The behind-the-scenes technical and internal gaffes that I witnessed are several orders of magnitude worse but you'd never see them decorating the headlines.
Jamie Flubert, London, U.K.
The synopsis is:
1. The Civil service is not competent & is less skilled or capable than large multinational companies carrying out similar tasks.
2. The data protection act has been breached.
3. All related management that allowed, overlooked, were not aware that an employee could download such data are negligent or incompetent.
4. Every employee that was aware that such data was posted is culpable.
5. Darling is relatively the new boy. Brown presided over this level of incompetence for a decade. It is the systems & processes that the government !managed! & have had responsibility for that have allowed such incompetence.
6. British civil servants are rarely fired, the ratio fired compared with the real world is startling. Civil servants are moved on, or put into a pool or when asked to leave retain all pension rights even when the reason for exit is gross misconduct or incompetence!
Add this to the broad failings across the management of UK PLC leaves one conclusion. Labour Out!
MT, London, UK PLC
Darling should resign he is, like his boss, not competent to run this country.
Michael Broom Smith, Bromyard, UK
Advising people to monitor their accounts only covers part of the potential problem. What about accounts / loans taken out in the name of someone on the database but without their knowledge?
Taffy, Manchester,
A new name for State-funded incompetence - "Darling".
John, Birmingham, UK
Why was this information being sent to the NAO in the first place? What was the NAO going to do with it? The NAO are a bunch of auditors!!!
Alicia, London,
This is toxic waste for the government from all sorts of voter groups
if you're a man with children - the govt. exposes your financial information affecting your financial security
if you're a woman with children - the govt. exposes your children's personal information for paedophiles
anyone else - you can't trust the government to be competent
just like black monday wasn't exactly the tories fault, so this is not darlings' fault, doesn't matter, labour are finished now.
Simon Skinner, Surrey, UK
Has nobody ever lost a registered or recorded delivery letter?
At least HMRC would get compensation to the value of the two disks if they were lost. About £1.50. There's no allowance for consequential loss in sending by this method. Is this the extent of correct security procedure?
Stefan, La Bastide de Besplas, France
It is disappointing that a senior person is forced to resign over something he was probably not aware of. However, if this is the norm, then Mr Darling should also consider his own situation, particularly when he did his best to blame others for the government's own delay. I am a 63 year old who is in need of work... I have more skills in my little finger than some of those politicians, but probably I'm too honest for my own good. Government talks about eliminating ageism... I don't have an issue with a prospective employer telling me that he would prefer someone who can give him a longer working life, but I think government should give incentives to employers to take on people like me.
Dennis Halligan, Dunfermline, Scotland
And this is the government that wants to keep the whole nation's medical records on a computer!
I think this occurrence demonstrates that massive organisations always find a way to allow human error to cause mistakes.
Say no to centralised NHS records.
Jeremy Budd, Taunton,
The data protection act should be changed to include heavy penalties if sensitive personal data is held or transferred without being encrypted. It is a simple level of security and would require the simultaneous loss of the key and data. The encryption keys should be sent by a different route to the data.
David J Changer, Winchester, Hants.
Resign
Richard Straughan, Bath, UK
I think this Revenue scandal highlights the blinding inadequacies of the Government's Public Sector Security Clearance vetting procedures for IT workers.
IT workers who wish to work in sensitive Public Sector IT areas, such as the Revenue, have to undergo Public Sector Security vetting. However, it is common knowledge amongst the UK IT contractor workforce that this procedure is often used by Public Sector IT Managers to turn down IT Contractors for interview, let alone for work, on the basis that the vetting procedure takes weeks if not months.
Some argue that this Public Sector Security Clearing vetting procedure for IT workers is often used by poor Public Sector IT Managers as an excuse to hide their own inadequacies and protect their own jobs. Perhaps the last thing they want is IT workers from the Corporate Sector highlighting poor procedures such as, ahem, allowing any old Tom, Dick or Harry to download, copy and walk off with half the UK population's financial records!
JC, Swansea, UK
Since Capgemini won the outsourcing of HMRC IT (under the Aspire contract) they've been rotating Indian nationals to work on the contract for fixed periods.
Capgemini now have a cadre of Indian staff who know how to run HMRC data processing. Were they getting ready to hugely increase their profit margin by proposing taking the work offshore (the contract is until 2017, so for Capgemini partners it's pure profit)?
After having 'lost' this data, would it now be politically impossible for Labour to agree to putting taxpayers' data on a hard disk in Mumbai? Whose jobs would be kept in Britain as a result?
Colin Soames, London,
Mr Darling set himself the rather weak target of having succeeded in his office if the Treasury were kept out of the headlines. It seems that he has failed even in this. Given this government's obsession with imposing targets and penalties on other people, will Mr Darling accept that he has failed to meet even his own target?
Surely such a failure must be met with financial or other repercussions (the most obvious would be paying the fees for the credit reference checks of all those affected. The statutory charge is around £2 per person. Maybe HMRC staff could take a pay cut to reimburse that sum? Perhaps Mr Darling could set an example to them).
John Scott, London,
I could use some new passport numbers. Could you ask someone to mail me the British passport database?
Jonathan L, Tel-Aviv, Israel
We used to have a "thing" called the Post Office which had expertise in moving mail, parcels, etc. across the country and beyond with procedures for handling sensitive items.
Competition may be good for lower prices (but I very much doubt it) however the downside is loss of pride and conscientiousness of the employees in delivering goods (people in the case of transport) to destinations in a timely and effective manner.
So as well as blaming the junior member of staff in HMRC, what about the courier company and its responsibility to its paying customer??
John Evans, Alton, Hampshire
By bringing this event into the public domain it has enhanced the prospect for thieves to want to get involved in finding this disk
Louis Blanc, Liverpool, UK
Data banks too big with too many staff with access rights. How can personal details be secure? Can't believe such a staggering number of people affected. Nearly half the population! Where's the management, where's the policy, where's the protection and where's the accountability.
Robert Simms, bristol, uk
Affected? Remember, failure to protect sensitive personal data is a breach of the Data Protection Act - you can take action against HMRC on this basis.
Jim Broadhurst, Burnley, England
Poor Darling, better check Gordy's pockets after all this takes our minds off him over the lack of an EU vote, immigration, petrol prices, prisons etc etc etc etc etc ................
Kate, Newcastle, England
Aside from the embarrassment factor, the manner in which this data was handled by the Government must surely be in breach of at least one clause/requirement in the Data Protection Act. It must be time for the Data Protection Registrar to mount an enquiry and if necessary take punitive action.
NeilWP, Frankfurt, Germany
Why was the database exported on CD in the first place? Absolute lunacy - breaks the very principle of security being able to export sensitive data such as this!
alex, surbiton, surrey
I don't see what the problem is. The population of the UK is in much greater danger of being systematically fleeced by the Inland Revenue than by illegal, (as opposed to legalised), theft.
eric campbell, harrogate , uk
It was a pleasure to witness the unease of Alistair Darling attempting to calm the fears of those affected by this latest fiasco and Gordon Brown's face said it all. Power is slipping from their grasp and not too soon for the majority. A trickle of bad news is turning into a torrent and one wonders when more revelations of ineptitude and incompetence are to be disclosed. Can England afford 'New Labour'? I, for one, think not
Rod Ballard, Leicester,
The pen pushing civil servants still live in the pen pushing age. They were not trained in IT and do not yet understand computers.
They have experts to guide them. Unfortunately these specialists are only interested in the development of IT and pay scant attention to security.
The govt should require every civil servant to be au fait with IT and computeracy, no matter what their age or grade and retire those who fail the test.
Alex Pomeroy, London,
This was not a momentary blunder, but a systemic defect. It is no good saying there was a breach of guidelines. The fact is, a junior official should never have been able to upload the personal details of millions of Child Benefit claimants onto the disks in the first place. Access beyond "read-only" access should be restricted to a small number of security cleared personnel and made available to others only with senior management approval and in encrypted form. What assurance is there that other government departments and agencies are guarding our details vigilantly? Will our medical records be treated in such cavalier fashion? In any event, who is to say another, dishonest, junior official has not already sold a copy of the details of all Child Benefit claimants or income taxpayers to criminals?
P R Johnson, Richmond-upon-Thames,
At a time when ID theft is one of the biggest personal risks we face, this incompetence is simply not acceptable to the citizens of this country.
It is conceivable that we could contemplate the risk of even more personal data being subject to the certainty of eventual compromise.
The government must accept that we will not stand for its ID card proposals.
Ubi, Aberdeen, UK
Isn't that 25 million MINUS the millions who are already careless with their own data? I don't believe that half the population routinely shred all sensitive paperwork, do you?
Ian Kemmish, Biggleswade, UK
What an utter disgraceful, alarming blunder by this inept and totally incompetent government.
They are guilty of breaching the very Data Protection Law that they themselves implemented.
Paul Gray has proved an honourable man and others should follow suit. Not least that weak and ineffectual Brown's puppet chancellor Darling. Obviously Brown himself was pulling the strings as was seen on national television on the Commons Live program, he should go too as a gross incompetent.
How dare they blame a junior clerk when procedures should have been in place to prevent it happening in the first place.
Watch out for another smokescreen in the near future to detract from this debacle.
Watch too how McCavity Brown will distance himself from the whole issue.
Dek Crossingham, Birmingham, England
And we are meant to trust them with information for ID cards????
Andy, Petersfield,
So what are the government going to do to protect us 25 million on these benefit databases?
How about offer free subscription to an identity protection scheme of which there are several?
J Barber, Bracknell, Berkshire
The entire public sector is built on a tissue of inane assumptions. Note the comment about "registered post". What earthly difference would that have made? Legally, the mail service is deemed secure due to case law. What nonsense! But this is the policy nonsense that public servants will rely on if their actions are called into question.
The private sector could never get away with such inanity because they can be sued. Expose civil servants to the risk of personal prosecution.
And you think this lot can be trusted with your personal information to administer an ID card! Suckers!
Wilbur, Cardiff,
This is a breach of the data protection act. Therefore anyone affected at all could take legal action against HMRC. They could expect compensation for all the trouble involved in changing banks and the stress etc.
Anyone could have told you they were incompetent; you only have to have dealt with them over the last couple of years to know that.
Jack Terrence, bradford,
This government is now a joke. They have to go. We are becoming the laughing stock of Europe. We are far too soft in this country, we need a change of government, a dramatic change. We cannot allow any more pathetic blunders.
M Maggs, Carterton, Oxfordshire
It's also a clear breach of the Data Protection Act by the HM Revenue & Customs (Principle 7 - keeping subject data safe). The Revenue have acted illegally. Opposition MPs should press for a full enquiry by the Information Commissioner's Office.
Frank Upton, Solihull,
Remember all those that supported the national ID card scheme, the DNA database and the global NHS IT system? They said we had nothing to fear.....the government said "Your data will be safe with us!!!"
Phil, Preston,
No doubt the same impeccable, infallible procedures will be in place for the national ID card data base?
p.f, Aberdeen,
HMRC cost savings instructions; Use plain brown unpadded envelopes, recycle them and post all mail second class post...................most people don't even return post Movie C.D.'s in unregistered mail.
David Webster, Holsworthy, England
Maybe they should take a look at how effective the Royal Mail is while they are at it!
Emma, Singapore, Singapore
How do we know that the data hasn't been downloaded previously or indeed this morning and sold to anyone who could use the information?
steve , london, uk