Millions of L-drivers’ data lost

The details of three million candidates for the driving theory test have gone missing, Ruth Kelly has told MPs.
Names, addresses and phone numbers – but not financial data – were among details on a computer hard drive which went missing in the US in May.

It belonged to a contractor to the Driving Standards Agency, the transport secretary told MPs.

It is the latest in a series of data losses since discs with 25m people’s details on were lost by HM Revenue.

Ms Kelly said the details of learner drivers had been formatted specifically for the contractor, Pearson’s, and was not readily accessible or usable by third parties.

Risks ‘not substantial’

She said the details were not sent in the post – but the hard drive had not been found where it had been expected to be, in the “security facility” in Iowa.

She said the information commission had judged the risks presented by the loss were not “substantial” as the details did not include bank account details, National Insurance numbers, driving licence numbers or dates of birth.

But she apologised for anyone for any “uncertainty or concern” caused to anyone whose details might have been included – who took a driving theory test between September 2004 and April 2007.

Responsibility for systemic failure does not lie with junior staff – it lies at the very top

Philip Hammond
Conservatives

However her Tory shadow Theresa Villiers said the government was failing in its duty to obey its own laws on data security and said it was further evidence of a “systemic failure” by the government in handling people’s private data.

The statement followed straight on the Commons from Chancellor Alistair Darling’s presentation of an interim report by Kieran Poynter, UK chairman at PriceWaterhouseCoopers into the loss of the child benefit data by Revenue and Customs in October.

Mr Darling said Mr Poynter’s review had prioritised the immediate security measures that were needed at HMRC.

Bulk data ban

And he said there was still no evidence of any fraud from the loss of the two discs in October – containing names, dates of birth, bank and address details.

Among measures were banning the transfer of “bulk data” without certain security measures, and disabling lap tops to stop information being downloaded without the permission of a senior manager.

But Mr Darling said it would be “wholly inappropriate” to draw final conclusions while more inquiries were being carried out. The full report is due “in the first half” of 2008, he said.

Philip Hammond, for the Conservatives, said it had been “the most catastrophic data security breach in British history” and criticised Mr Darling’s early explanation that a junior official who had not followed the rules was responsible.

“Responsibility for systemic failure does not lie with junior staff – it lies at the very top,” he said.

“In the face of the overwhelming scale of systemic failure behind this disaster, this statement can only be described as a wholly inadequate response from a wholly inadequate chancellor.”

Meanwhile, a capability review of HM Revenue and Customs found that “the senior leadership has not been successful in injecting pace, confidence and dynamism throughout the department”.

The top team “has more to do to demonstrate that it can take the tough decisions required to set priorities and to bring about organisational clarity”.

It also needed “a robust plan” to “resolve staff uncertainty” and be clear about what HMRC will look like in the future.

A capability review of the Treasury found the department was “not driving change with sufficient passion and pace”.