Wednesday 28th November 2007
Not enough has been done to prevent a recurrence of the recent loss of data on 25 million people by Her Majesty's Revenue & Customs, says John Hemming MP, who advises the Liberal Democrats on Data Security.
The only change that has so far been implemented is that a manager must now approve the sending of data via CD, according to Hemming. However, as no realistic alternative has been offered to staff, managers will have little option but to do
"It is quite simple," he says. "If they do not have the facility to copy everyone's confidential data onto a CD then they won't do it. In practice, over time, you need to secure the hardware side of things. You can't just have any old PC sitting there with a CD recorder."
"Normally what happens is that we close the door after the horse has bolted, but in this case we're leaving the door open for more horses to bolt," he says.
Although encrypting the data would improve security, the discs should never have been sent to the auditors in the first place, Hemming believes. "The National Audit Office should have gone to the HMRC office, rather than the other way around," he says. "It may be a pain for an auditor to go there, but if you're actually auditing something you go to where the data is."
On occasions where data must be transferred, Hemming says it should at least be transmitted securely, ideally with open-source software. "Publicly available software, like SSL Explorer, would do the job of securing data," says Hemming. "It's actually better to use open-source software because it's peer reviewed. I'm not comfortable using proprietary software."


