They've got your number: State's hunger for personal data raises security fears

Sign up for the View from Westminster email for expert analysis straight to your inbox

Get our free View from Westminster email

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

There are increasing fears that Britain could suffer a repeat of the HM Revenue & Customs data loss as the scale and breadth of personal information held by government bodies continues to grow inexorably.

As the police step up their search for the two missing Inland Revenue computer discs containing the banking and personal details of 25 million people, ministers have been warned that the potential exposure to theft and identify fraud could be present for many years to come.

And in the most chilling assessment since the Government admitted the security blunder, the man in charge of setting up the country's biggest medical records database has said he does not believe it is possible to make such systems foolproof.

Richard Jeavons, the director of IT implementation for the NHS, where there are plans to put 50 million patients' details on the database, told the Commons Home Affairs Committee that, when it came to protecting information, "you cannot stop the wicked doing wicked things".

Yesterday, as he faced a barrage of criticism over the Government's handling of the crisis, the Prime Minister performed a swift policy U-turn by announcing that Richard Thomas, the Information Commissioner, would be given new powers to carry out spot checks on the databases held by public sector organisations.

As recently as 25 October, the Government rejected Mr Thomas's request for such a power in response to a Lords committee. It said then that "the current enforcement regime for data protection is fit for purpose". But yesterday an embattled Mr Brown appeared to relent, adding that he would also consider the commissioner's plea for the creation of a new criminal offence of "reckless disregard of data protection principles". He insisted: "We will do everything in our power to ensure data is safe."

Mr Thomas welcomed the move, but said more would have to be done. "The law needs to be changed urgently so that people's personal details are properly protected," he said. "Privacy matters more than ever. It is not just about the law. It is about retaining the trust and confidence of the population where so much information is entrusted to government."

The Government now holds more personal information on individual members of the public than ever before. And in the next five years there are plans to add hundreds of millions more personal records to new or expanded databases. The UK's DNA database is the biggest in the world, holding four million profiles and growing by 30,000 every month. It includes records for 900,000 children, 108 of whom are under 10, raising concerns about the threat posed to children from the unchecked growth in personal information registers.

Ministers are also planning to set up another database listing the personal details of all children in England, including their age and where they live. ContactPoint, previously known as the "information sharing index", is supposed to be used by social workers, but children have expressed fears that the information could attract paedophiles and others who should not have access to their personal details.

While the thrust of the criticism over the HMRC data scandal has been directed at the Government, there is growing anxiety about the exponential growth of databases belonging to private companies. These include organisations handling details about finances such as banks, building societies, loan companies and credit checking agencies. But there are also worries about the role of marketing and sales companies that have grown their own private databases which they use to sell personal information.

The arrival of internet shopping has brought new exposure to identity fraud. Millions of people surrender personal and financial information when conducting transactions on the internet or join social networking websites.

In an echo of events that foreshadowed the security blunder at the Revenue, the Government has announced plans for the General Register Office in England and Wales to be merged with the Identity and Passport Service from next April. The change will mean that the responsibility for overseeing the recording of births, marriages, civil partnerships and deaths in England and Wales will transfer from the Office for National Statistics (ONS), which is to become independent of ministers, to the Identity and Passport Service, an executive agency of the Home Office. The blunder at the HM Customs and Revenue followed a merger of Customs and Inland Revenue.

Helen Lord, the compliance director at the credit reference agency Experian, said yesterday: "The children whose names, addresses and dates of birth have been lost are also at risk, especially those who are between 15 and 17 years old now. The fraudsters will wait until they turn 18 and start applying for loans, credit cards, mobile phone contracts and other credit products in their names. That could have a catastrophic effect on their ability to get on the housing ladder, rent a flat, obtain their first credit card, obtain a loan for their first car, even open a bank account."

Last night lawyers who had been contacted by members of the public said they were investigating claims for damages and distress against Inland Revenue.

Who holds your details?

Child Benefit database

The database, at the centre of the latest crisis, holds information on all child benefit recipients, details of 25 million individuals and 7.25 million families

National Identity Register

Linked to the introduction of ID cards, it holds data on your name, address, gender, date and place of birth and biometric information such as iris patterns

Criminal Records Bureau

Contains name, address and details of any convictions for criminal offences

Passport database

Has your address, date and place of birth and your travel history

Driver and Vehicle Licensing Agency

Details of any penalty points will show up alongside your name, address and date of birth

Proposed EU-wide census

Facts and figures on population and housing across EU would go further than any national census

NHS electronic patients record system

Part of the Government's £12.4bn National Programme for IT, aims to put all patient records online

UK DNA Database

Biggest DNA list in the world covers 5.2 per cent of population. 30,000 additions every month

Inland Revenue

Has on record the name, address and financial details of everyone who pays tax in Britain

ContactPoint

Part of the Government's Every Child Matters programme, it holds details on every child in England, including name, address, gender, date of birth and an ID number

Have your Say: All the fault of Brown, or just a storm in a teacup?

Why should the Chancellor take the fall? He is not the one who created the discs, he is not the idiot who posted them and he has probably never met or heard of the person who did. That idiot is the person, along with his immediate supervisor, who should be feeling a great deal of heat.

Gavin

The Government has failed in its duty of care. It doesn't matter that it was the probable actions of a junior member of staff. Both Alistair Darling and Gordon Brown are culpable. These arrogant men should both resign.

PDS

Gordon Brown is to blame. As Chancellor, at the same time as he introduced ever more tax regulations of bewildering complexity, he was talking tough management-talk about efficiency and axing tens of thousands of public-sector jobs. The jobs are duly going and the pitifully paid clerical employees at places like the HMRC and the benefits agencies are stressed out of their minds. As a result, they take short cuts.

Chris Bailey

This seems to be a storm in a tea cup. In sending the data as magnetic media the Revenue has avoided the risk of any hackable system inter-connection. The data files were encrypted. This being so, it will now take any data-thief with their own supercomputer some decades, or longer, to break the code and reveal the information.

RJB Lovekin

At least Paul Gray has been honourable enough to resign, unlike his political masters. The only solution seems to be to change my bank account, move, obtain new national insurance numbers for my partner and all our children; or, alternatively emigrate!

Peter Little

I agree that Mr Gray should keep his pension. I agree that he should not receive a special resignation package. Pity this principle is not applied to the City where his equivalent opposite number would have walked away with millions.

John Thorpe, Milan

What this and previous episodes demonstrate is the damage that occurs when vast amounts of data meet human fallibility. Human fallibility and criminal intent are ever-present; a genuinely prudent government would recognise this and abandonits obsession with the National Database and the Connecting for Healthproject.

John Levett

Have your say