Failure to encrypt data leads to U.K. criticism

In a parliamentary debate over HM Revenue and Customs loss of 25 million people’s records, opposition MPs have attacked the government’s failure to encrypt sensitive data on members of the public.

The HMRC data loss occurred when unencrypted data on two CDs, including names, addresses, bank details and other confidential information on child benefit claimants and their children, was lost in transit to the National Audit Office.

In a stormy debate in the Commons, Liberal Democrat MP John Hemming — who has a background in IT and data security — said one of the biggest problems with the HMRC breach was that data was “not encrypted, but merely password-protected”.

He asked: “Why, therefore, has the department not said that while the review continues, any data discs should be sent out in an encrypted manner? Merely having a sign-off from a senior manager would not prevent exactly what has happened from happening again.”

Acting Liberal Democrat leader Vince Cable followed up, warning that the lost data, if it fell into the hands of criminals would be worth “around