Glaswegian

Systematic failures and "woefully inadequate" processes for handling data at HM Revenue and Customs (HMRC) led to the loss of personal details of 25 million people, according to two scathing reports published Wednesday.

Fragmented and complex IT systems made it difficult for the organisation to identify and manage its information security risks, the Poynter report stated.

The report - which highlighted serious structural failings at HMRC offices and said the loss was "entirely avoidable" - was the result of a review into HMRC's security procedures by PricewaterhouseCoopers chairman, Kieran Poynter, in consultation with the Independent Police Complaints Commission (IPCC).

Another report by the IPCC also dealt HMRC a heavy blow, stating information security "simply wasn't a management priority". The IPCC report looked into the series of events that lead up to the loss of data to consider whether any criminal conduct or disciplinary offenses had been committed by HMRC staff.

While IPCC found no evidence of criminal misconduct, it said corporate data handling was "clearly woefully inadequate."


http://www.techworld.com/security/ne...&NewsID=102025