So where are the CDs?
Her Majesty's Revenue and Customs have begun sending letters to the over 7 million households affected by the child benefit fiasco. The letter seeks to reassure people by stating that the missing data "is likely to still be on Government property". ().
How on earth does HMRC know that the missing data "is likely to still be on Government property"? When I asked their press office I was told that "this was the indication of the investigation" and that the chancellor had already said as much. A quick check of Hansard reveals that he did not say that. He did say that there was no evidence the data had fallen into the wrong hands but there is a big difference in these statements - one says "don't worry your heads", the other "so far there's no proof crooks have got their hands on your precious personal data".
Meanwhile, the National Audit Office is preparing to release to MPs the exchange of e-mails between its officials and staff at HMRC. These e-mails will, it's claimed, show that the official at the HMRC who sent the e-mail was "a junior official" and that, although the e-mail was copied to a "senior official" there is no evidence that that senior individual took the decision to release the full database in breach of HMRC procedures and, almost certainly, the law.
Note: the term "junior official" has a precise Whitehall definition. It means below Grade 7. Thus, confusingly, someone termed a "senior business manager" may still be a "junior official" in Whitehall speak
UPDATE 1430GMT: Oh dear oh dear oh dear. Apologies for my statement above that "the term 'junior official' has a precise Whitehall definition. It means below Grade 7." That is what I was told. Now I'm told that the only cross-Whitehall definition of junior is someone not in the "senior civil service" i.e. the top brass - permanent secretaries, directors general, who are Grade 5 and above.
So, is a "senior business manager" in HMRC junior or senior? Wish I knew.
Comments
Keep asking those questions, Nick. There are many things about this story that make no sense whatsoever, and I suspect we are still a long way from knowing the truth, if we ever will.
The bit about the "junior official" was hard to believe in the first place. I know HMRC are incompetent, but surely even they are not incompetent enough to give junior staff such unfettered access to such confidential data. Or are they? That would be a really good question to ask.
And I also really don't believe a word of the story about it being "too difficult" to strip out the confidential data and send the NAO only what they asked for. It's hard to believe that would be more than 10 minutes' work for any competent database administrator.
Beyond the disks and the other cock-ups, what we are seeing is almost Shakespearian and the roots of it are in the Blair-Brown relationship.
Brown was in a hurry to get to No 10 and took his eye off the ball at No 11. Had Brown not been so desperate to take the reigns of power he could have concentrated on his own job, Blair could have finished his term and the party could have stood for reelection in the normal way.
But we know that Labour were sliding in the all-important opinion polls and Brown thought he could turn all of that around with a new vision, new leader approach and settle in as PM for another term. He bottled out when he had the chance and I think the public are getting a sense of how grubby the whole affair has been and the way the Labour party have tried to bounce the public into another term of Labour power.
The government is clearly making use of the media's unwillingness (or inability) do distinguish between fault and responsibility.
No-one really cares which individual perpetrated the leak; the fact that such a leak was possible is a catastrophic institutional failing, and the responsible individuals are the treasury ministers; specifically Andy Burnham, Alistair Darling, and Gordon Brown.
They can decide between them who resigns. I'm not fussy.
Nick,
Government seem to think that blaming this on a "junior official" is a good tactic to save some political hides, but either they are lying and someone much more senior approved the downloading and posting of this information, or it really is possible for a junior official to download highly sensitive personal information, including bank details, about millions of people without any proper authority and supervision. To my mind the latter is a much more serious failing, in fact given the subject matter it is bordering on criminal negligence by senior management, but either way, senior heads, including political ones, surely have to roll for this.
...and this from the Government that was going to move away from spin! Unbelievable.
Nick
The revenue want to keep this person out of publiv eye so why don't you and your colleagues leave it be please he or she does not need to be hounded by the media who never tell the true story
At what point does the person in charge of the department - the chancellor - realise his position is no longer tenable. At the moment he is in charge of the Northern Rock fiasco and with this surely he cannot be allowed to remain, as he is fundamentally at fault with both situations.
Personally I find it shocking they blame the poor fella who did this. He was more than likely following orders of his superiors, and if he wasn't, but had copied an email, then his senior manager should also be sacked - however please make sure they are sacked on full pay and with their full pensions because that is only right in this situation!
Blame the temp!
Totally agree, Malcolm (2.33pm). I would like to think that it will happen.
It is symptomatic of the sheer incompetence of this administration that even in a situation of this political gravity they cannot get their story straight. If they want to kid us they might at least do us the favour of not insulting our intelligence by spinning us a story riddled with contradictions and inconsistencies and asking us to swallow it.
The split infinitive is not their finest hour either.
It still begs the question as to how any junior official was able to copy such sensitive information on to CDs.
Could every junior official do this? If so, what was to stop every such official being in a position to download the data and sell it? I find it hard to believe that this could be done without senior officials having to authorise it with a password.
This fiasco along with all the recent trials and tribulations of this current government is a prime example of someone trying and failing to control everything and everyone. You simply end up being in charge of chaos. He may have been a decent Chancellor, but Brown is a disaster as a PM; the sooner the Labour Party realises this, the quicker they can put a plan into motion to replace him. This job may have been his life-long ambition, but it does not mean he is suited to it.
One day English people will decide that they have had enough of the mainstream politicians and vote in some independents to shake things up a bit.
Until then, whether its Brown, Cameroon, or whoever is currently 'in charge' at the Lib-Dems, we English will continue to suffer these sorts of foulups.
In that sense, it is truly systemic.
That is, the party system itself is the root cause of these problems because it shapes decisions according to the views of a very narrow base.
Thus we English end up with flawed outcomes.
These sorts of problems will continue until we English start to generally become a bit more interested in politics and bring in some independents.
When I was doing some contract work for a government department some data went missing in the post and later mysteriously appeared on a shelf in the post room. These things happen as people make mistakes and don't want to take the rap. It shouldn't happen but it does.
I'm not interested in the man the barricades headlines or political posturing over this. It just alarms the public and upsets staff. It's probably fair to say the data is internal and will turn up. What remains important is how people deal with that. So far, Alistair Darling is setting a lead.
The generic issues are a no-brainer. By using this as an opportunity to develop sounder management and systems everything will improve, the chances of it happening again will be minimised, and government will be fitter for purpose. Aim for where the puck is going to be, Nick.
Why don't they just come clean and tell the truth? We're all adults and know that mistakes happen.
Incompetence is bad enough - deceit is infantile!
Nick
Don't get too hung up over the actual grade of the official with the title "Senior Business Manager" (and they will almost certainly be below a G7, definitely below a G5).
The scandal here is that the Government has tried to play their own role down by blaming the junior HMRC staff and glossing over the policy decisions which made this kind of mishap possible and even likely.
All government departments suffer from perpetual reorganisation to make Ministers feel important; getting rid of experienced staff too early to reduce headcount; making junior staff do work beyond their experience; and giving key work to consultants paid many times the salary of in-house staff for a poorer service.
This was just as true under previous governments but now with computer technology and increasing centralisation the risks are higher, as we have just found out...
Malcolm is spot on.
If it is possible for a "junior official" to be able to instigate a complete database download for an external body - which, as you say Nick, may well be illegal and is certainly morally reprehensible - then this is evidence of gross mismanagement. There should be no way that any computer system should allow a complete database dump onto a couple of CDs without multiple levels of checks and approvals. It suggests, if further evidence were needed, that despite successive governments - of all parties - spending a fortune on IT consultancy they have failed to implement even the basics of security. And that is a political error not just a line management problem.
Is it a very stupid question why the information was sent by post and not sent electronically in the first place?
Oh dear, Oh dear, Nick you ought to know all about spin and passing the buck by now.
A Junior official means A senior official who's not to blame when anything goes wrong.
So, this junior official decided one sunny morning to dispatch a couple of CDs all by himself... come off it, if this is the case then this is a criminal offense and you can bet all the ministers would be a happy smiling bunch, but no it isn't, there's a lot of worried cabinet ministers at the moment and chances are that he was told to dispatch them by a senior official.
Lets hope half a dozen Gorden Browns don't start popping up, that's my worry, ones bad enough and he is to blame not Alister Darling.
What a wonderful day to bury bad news! Let's roll out the announcement of HIPS on 3-bedroom houses while people probably will consider it good news by comparison!
Turning back to the subject of the blog, it was obvious this was the only remaining defence, "it's fallen down the back of a cupboard". In fact, there's three subclasses to the defence: firstly, they really did, and they've been found, secondly, they've been found elsewhere, and it's being made to look like they were under control all the time to avoid the long-term responsibility of the possibility copies were taken, or thirdly, let's dummy them up for the same reason.
It still doesn't answer the fact that such information could be lost in the first place, however. And worse, it still doesn't answer the lack of proactive intervention, replacing everyone's NI numbers and bank accounts, pain though that will be. And most damningly, it doesn't answer the delay, errors and buck-passing in the advice we've been given. Check your bank statements, indeed! By that time, the dosh is long gone, we're more likely to find out when our cards get retained by a cashpoint machine because our accounts have been emptied. Trust us...https://en.wikipedia.org/wiki/Trust_In_Me.
Basically Nick, anyone at Grade B1 and below is a junior official.
Anyone above B1 is in the Senior Civil Service (i.e. overpaid)
Dear Nick.
When your a captain in the Navy and you run a ship aground, your promoted to Admiral, and given a desk job, A junior officer is dismissed his ship, or she is,
So, when in the past England used to hang petty crooks and ennoble big crooks, What is this guy or lady going to get, probably a huge bonus and a golden hand shake a long with a civil service pension.????
Someone title 'senior business manager' would certainly not be SCS. But hardly anybody is. It makes the 'excuse' that it was 'only' a junior official practically meaningless.
It's a rubbish excuse anyway - it makes it worse, not better, that the 'junior' person responsible was not better supervised or, better still, just prevented by the computer system from downloading this data.
This account sounds the most plausible.
The junior IT worker at the centre of the blunder was last night in hiding at a hotel in the North-East where he was being guarded to try to protect his identity from leaking out.
He is said to have been told by a senior manager at the HMRC offices in Washington, Tyne and Wear, to dispatch the compact discs without an explanation on October 18, and was unaware of their importance.
A source said: "He put the discs in the internal post, unregistered and not recorded, and they were taken away by the couriers, TNT. The rest is history.
"He is the perfect scapegoat for management failings. It's awful but he will undoubtedly end up carrying the can for the incompetence of others."
So, if you are not a senior civil servant, you are a junior.
Just another example of how out of touch the Civil Service is.
Blair survives confidence vote(https://news.bbc.co.uk/1/hi/uk/7107631.stm). Damn, let's do the time-warp again...
Confusion between junior/senior in the civil service:
- Grade 1 is the Permanent Secretary of a Department
- Grades 1, 2, 3, 4 and 5 (or different nomenclature) are all members of what is called the Senior Civil Service (SCS).
- Grade 6 (or Band G) is the most senior official outside the SCS, followed by:
Band F / G7 (Grade 7)
Band E / SEO (Senior Executive Officer)
Band D / HEO (Higher Executive Officer)
Band C / EO (Executive Officer)
Band B / AO (Administrative Officer)
Band A / AA (Administrative Assistant)
Jobs at Band G/Grade 6 and Band F/Grade 7 are usually responsible for managing large blocks of work, which are capable of separate control and demand high levels of management.
Managing more junior employees is often a significant feature of the work in the bands/grades C/EO and D/HEO, but jobs at these levels may equally concern support or advice to more senior officers, involving little or no management responsibility.
In general, the more junior bands/grades are responsible for clerical or operational functions and related management duties.
i don't know. Maybe a Junior TNT employee took them home thinking they where computer games. One of the lessons to be lerned from this has to be never trust anybody.
The usual case in business is that the attitude of the board passes down and beocomes the attitude of the employees... So even if the board goes through a "do as we say, not as we do" blame exercise and sacks a few managers, their culture remains the culture of the business. Which makes all this "Junior/Senior" mullarkey a load of cobblers - the carelessness civil servants with personal data is merely reflecting the attitude which passes down from Whitehall.
This pair of disks may still be on Govenrment Property, but this incident shows any junior staff could download the information at will. How many other disks have been created?
Nick
Gordon Brown's attempt to shuffle off culpability for this fiasco on the basis that it was caused by a junior official breaching procedure stands logic on its head.
Leaving aside the ludicrous failure to encrypt the data, the real problem is that controls were so lax as to ALLOW a junior official to by-pass procedures in a critical, high risk area of activity. Worse than that, with no built in exception indicators to highlight the breach.
Human nature and living in the real world means that risk exists that junior (and not so junior) officals might breach procedures inadvertently, due to lack of judgment or competence or knowledge of the procedures, or deliberately for malicious reasons or for criminal purposes.
In my direct experience, system controls one would expect to see in an high risk area of a system would include limiting the authority to perform the task (in this case dowloading the data to a remote device) to senior officials or possibly even to require dual authorisation by two such officials - AND, either way, with automated reporting of the transaction to the boss of the senior offical and any relevant compliance unit.
Lest this should appear far fetched or too high tech, such features were inbuilt 20 years ago into the IT system of the financial service company where I was employed. There the risk was to the financial well being of the company, rather than the privacy and well being of the nation.
It is not good enough for Ministers to wait until such fundamental weaknesses are revealed by the action of junior officials in breach of procedure. Where obvious risk exist with the potential for severe consequences, Ministers have a clear duty to satisfy themselves that appropriate levels of control are in place to ensure, as far as is reasonably possible, that procedures are followed and exceptions are reported in time.
In any event, recent revelations and episodes tend to suggest that,in reality, what happened here was more the rule than the exception.
After the Standard Life episode we were told that HMRC arrangements were being reviewed to introuce safeguards to prevent this happening in future - ie sensitive data downloaded unencrypted to a disc and lost in transit. Sounds just a wee bit like what Brown and Darling have
said on this latest occasion.
First we have Darling telling us about the cock-up then we have Baldrick's cunning plan to fix it.
Right from the 'teaser pre-announcement' of a major 'operational' failure, the government have tried to evade their responsibilty. Not good enough.
The have presided over and, to a large extent created, the conditions for this accident waitng to happen through their decisions on information strategy, organisational structures, manpower levels and so on. To explain it all away by pointing to a low level official's failure is risible and contemptible.
Hopefully we don't have junior officials in the MOD who could ignore procedures and push the nuclear button ?
Incidentally, when/if the discs turn up, how will we know that they haven't been copied and "replaced" in order to be found ?
An explanation for the discs are still on Government premises line could be that the person who was expected to send the discs the first time round simply didn't do it i.e. the cock up was that of the 23 year old we have been told about but the systemic failure i.e. the extent of the data (which had already been sent to NAO previously as fully and in this form) and the method of transmission was much higher up (and wider). The correspondence (I have read the documents published by NAO) and facts are similar to many such scenarios where a letter was supposed to have been sent but had not and no one is prepared to admit it but think that they can get away with saying it was sent and sending a duplicate
Can any 'junior' member of staff download vast amounts of personal data at a whim without passing it by a 'senior' colleague?
In my seven years working with HMRC on and off, either providing services from a small company or representing software developers' interests, it has been perfectly obvious that most trivial technical tasks become time-consuming and expensive once they have been put to HMRC's prime contractor.
I have been on conference calls, providing a parallel service to the prime contractor, where they have quoted months and hundreds of thousands of pounds for changes I had already implemented for a few thousand, had tested and could have deployed in a few seconds. We ran rings around them and my old colleagues still do.
There are some tremendously dedicated, hard-working people at HMRC, but the system fails to give them the skills, tools or contractual flexibility they need to achieve simple tasks quickly at low cost. Our money is being wasted hand over fist and, under the current circumstances, the alternative is the risk of fiascos like this.
If the HMRC computer system were properly designed and specified it would be impossible for anyone, whether Senior, Junior or a Minister, to download millions of people's private information and burn it onto a CD. Clearly whoever was responsible for the specification gave no serious though to confidentiality. You should ask: what confidentiality measures were built in to the system, and were any "rejected on grounds of cost?"
What, if anything, has happened to the audit and procedure teams that used to make surprise visits to government offices? Part of their remit was to ensure that standing instructions regarding security and other matters were being complied with. Have they been axed in a "cost cutting" exercise aimed at improving efficiency perhaps?
Back when TB was in charge, I felt that he had brought the "Office of the Prime Minister" into disrepute.
I fear this Administration is bringing the whole Politicians and Public Sector caboodle into disrepute.
I feel insulted that this Adminstration keeps feeding us such rubbish as excuses. I only hope that the Tories and Lib Dems can do better.
Grades 1-5 are the 'First Division' Civil Servants, or senior executives. Grades 6-7 are middle managers. Grades 7-10 are junior managers. Clerical grades come below these.
Grades 8-10 are not known by this nomenclature: Grade 8 (is often known as Senior Executive Officer). Grade 9 as Higher Executive Officer and, below that, Executive Officer or EO.
For reference, there are official anologies will military ranks. A grade 7 is the equivalent of a full Captain in the Royal Navy or a Lt Colonel. An EO is the most junior 'officer' rank.
Increasinly, 'grades' are now replaced by 'bands' but the underlying structure remains the same.
If the 'junior official' turns out to be grade 7-10, as suggested by the above update, it will be difficult for the Chancellor to argue that he has not misled Parliament. He will effectively be saying that somebody of 'officer' quality and equivalent to, say, a 'Senior Executive Officer' or Colonel was what he told Parliament was a 'junior offical'.
Darling would probably have been ok if he had said a 'junior officer' but he did not; he implied a clerical grade. A Luitenant, for example, might be junior compared with an Admiral but not compared with an Able Seaman. A luitenant could not therefore be accurately described as a junior sailor.
I know, and I'm sure you do too, that in a couple of days or at the most weeks, everyone will have moved on, and this episode will be forgotten and consigned to the dustbin that is the Labour party's gift to us. I just hope that someone, anyone, in the Conservative party will remind the great British public at the next election.
If all civil servants between grades say, 5 and 7, got lost in the mail would anyone even notice?
I am dissapointed that the media is not pressing an important point about this whole calamaty. Even if the discs eventually turn-up, 2 cd's can be easily copied and certainly plenty of time has passed for this to have happened.
I can't imagine better cover for fraudsters, having copied the cd's to leave them somewhere they'll be found. Then government trumpets their finding, reassures the public and chastises the media for hyping the story.
... a few months later, the real trouble begins!
Sadly this cat really is out of the bag now, however this story ends we will simply never know if the data has leaked.
Data Protection in the UK is a farce.We live in a society where there is no such thing as privacy.The state believes every human in the UK is in a condition of "ownership" by the state.We are all the victims of social engineering gone mad whereby the state believes every penny earned by every individual belongs entirely to the state by virtue of huge taxation, and every social human interaction from the bedroom to the pub to be governed for 60 million people by the whims of less than 400.Every day, (often with the aid of technology ),the UK becomes more and more a totalitarian society.
Sorry if this repeats a comment made by anyone earlier. The e-mail on the first page of your blog makes it clear that data has been sent before - 100 zipped files on 2 CDs. Assuming senior officials in HMRC take any notice of NAO reports they must have known that data was being transferred.....
The UK has no respect for personal privacy.The Government simply believes in social engineering-the accumulation of all data relating to peoples' lives for the purpose of social engineering determined by them.The taxation regime is a typical example, as are the laws on DNA testing , Surveillance , etc. We in England live in a totalitarian society with 60 million told what to do on every subject and action from the bedroom to the pub by less than 400. There is no real freedom of speech, no real free enterprise ,and any money individuals earn or save is deemed by the state to be owned by the state.
The problem of working out who is junior and who is senior in the civil service is illustrated by the ancient joke: Irate caller to government office 'I demand to be put through to the person at the top'; flustered telephonist 'Certainly, sir, I'll put you through to the Assistant Under-Secretary'; irate caller 'Assistant Under-Secretary! I said the top person - Senior Executive Officer at least!' (i.e. someone 4 or 5 grades down). The rule of thumb even now is that someone who has the word 'senior' in their job title is probably more junior than someone who doesn't. I hope this makes the position entirely clear.
So this "junior" official could well be someone earning in excess of 拢60,000 a year? I doubt that most of us would consider that to be the wage of a "junior" member of staff.
As an ex local government officer with 20 years experience behind me, It seems to me that this kind of data transfer is probably a fairly common occurence in the civil service. If its true that it was sent by a "Junior" civil servant by internal post contrary to standing orders then that official and their line manager/s who have responsibility for that section have committed gross misconduct and should be disciplined accordingly. This is a matter of sloppy internal management, nothing more.
To make politcal ammunition from it and call for the resignation of the Chancellor and the PM is just plain naive and mischievious nonsense notwithstanding the gravity of the possible consequences.
So, a department director is a "Junior Official". Come off it, we're not stupid! This was a senior official of the department through and through, no matter what ministers want to call it. You don't get much higher than a B1 unless you're in Whitehall and Parliament Street - or is HMRC leaderless? Come to think of it, they are, second chairman to go since it was created 2 years ago - dangerous job. Bring back the jobs that are being cut, and you may have someone in the department that can edit the database in just a few minutes, instead of tendering it to a private company that charges thousands (yes, thousands!) to amend the data file that is fit for purpose.
As an ex local government officer with 20 years experience behind me, It seems to me that this kind of data transfer is probably a fairly common occurence in the civil service. If its true that it was sent by a "Junior" civil servant by internal post contrary to standing orders then that official and their line manager/s who have responsibility for that section have committed gross misconduct and should be disciplined accordingly. This is a matter of sloppy internal management, nothing more.
To make politcal ammunition from it and call for the resignation of the Chancellor and the PM is just plain naive and mischievious nonsense notwithstanding the gravity of the possible consequences.
I am reminded of this government's "previous" when it comes to denigrating and scapegoating "junior officials". Unless I am mistaken, was this not exactly the same term used by Downing Street to describe Dr David Kelly and his involvement in the WMD debate prior to his profoundly distressing suicide? As it was subsequently revealed, not a "junior" by anyone's definition.
What a lot of noise focused on the missing discs and the possibility of information entering the public domain. A serious situation granted.
However further focus should be given to the time delay that occurred from the NAO request and the the NAO receiving the information. Has the information been changed in that time interval? What was being investigated by NAO?
Just a thought that the focus of the media may be deflecting the NAO when a strategy of 'thinking out the box' to identify and investigate all factors for concern may be required.
Nick,
John F in comment 37 said "Data Protection in the UK is a farce". I agree entirely indeed I would go further.
I have just found that the DWP have paid my annual Winter Fuel Payment into my bank account and, lo and behold, the Transaction Identifier is: "Bank Credit **** DWP WFP" where the asterisks are my National Insurance number in full. Why? I know my NI number so there is no need to tell me and I'm sure the Bank does not need it to carry out the money transfer. As a result of this exercise, another few million pensioners NI numbers have 鈥渆scaped鈥 from a Government Department needlessly.
Security Procedures and respect for sensitive information with the present Government and Civil Servants is more like a sieve!!
I can't help wondering who's going to pay for the police effort searching for the lost discs.
Personally, I hope that the bill will be presented to HMRC.
Hi Nick, I see the spin-doctors are out in full force..
An unreservered apology... Isn't that a term used when nobody is actually claiming responsibility and everyone gets to keep there job?
Senior business staff who are only junior ministers... I know i'm just an ignorant voter but I thought senior and junior were opposite terms. Are they collecting junior or senior wages?
If you make a mistake in the REAL world you can pay with your career; a rule that doesn't seem to apply to civil servents or ministers.
Job security and high wages when you've been incompetent. Where do I sign up?
As for the missing CDs, have they checked that filing cabinet at the met with all those missing police warrants?
say no more secret say no MORE, seems it was Tony Blairs fault.
I WANT MY (biometric) ID!
These days it is not realistic to expect that nobody will ever be able to obtain my name, address, date of birth and bank account or credit card number. For a start, names and addresses are published on the electoral roll.
It is therefore important to ensure that having this information should not be a sufficient basis for perpretrating theft or fraud, for example by taking money out of my bank account.
A biometric ID card would enable me to prove my identity beyond doubt, whenever I want to take money out of my bank account or make a purchase using a credit or payment card.
Idiots like Nick Clegg who oppose National Identity Cards "on principle" should also refuse to carry their Passport and Driving Licence. Otherwise they are just a bunch of paranoid hypocrites.