We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
HMRC Data Breach...can we claim damages?
Mike12421
Posts: 97 Forumite
Anyone have any idea's, or tips regarding their mess up with our information?
0
Comments
-
For not being responsible in securing personal data relating to half of the population?
I was led to believe that companies (by law) had to safe guard personal information, such as addresses, credit card information, personal details etc.
It does not look like they have done so, and as reported on the news tonight, a lot of the information did not need to be held by them, however the cost was too great to delete the information, now the personal and financial details of millions (including possibly my own, as I have children) are out there!0 -
What? Claim the cost of telephoning the 0845 number?
0 -
what damages have you suffered as a result of the loss of the CDs?From MSE Martin - Some General Tips On Holiday Home Organisations and Sales Meetings
DO NOT TOUCH ANY OF THEM WITH A BARGEPOLE!0 -
Any claim is eventually paid for out of UK PLC, i.e. our taxes. If 'everyone' ends up successfully claiming (although how and on what grounds i'm not sure) then everyone will also end up paying.
Therefore no point claiming!0 -
None at present, and hopefully my details will never be found or used.
I was only inquiring "if" any costs could be reclaimed from HMRC as a result of "losing" my details?
If not, what will possibly happen to them, a fine?0 -
Having previously worked for HMRC or IR as it was when I worked for them, I am surprised the NAO was allowed to request the information in this manner. Information like this would never have been let out of the building, the NAO should have visited the HMRC in question. Also I don't believe for a second it was a junior member of staff as I am lead to believe from news reports, no junior member of staff should have the ability to access servers or places where the information is stored, all computers used by staff to administer basic tax/child benefit has the capacity to download disabled. Also it would be very difficult to find who actually posted the discs, no recorded, no identifying from the HMRC post rooms.
I wouldn't worry too much about compensation, if any loss is incurred you are covered by the banking code.
It would be nice to get some money but unlikely!!:A :
Siren
Keep Smiling
Eight words ye Wiccan Rede fulfill - An’ it harm none, Do what ye will.0 -
To be honest I don't think they will fall into the wrong hands.
TNT have an excellent track record of losing post.
When the bank I work for let TNT take over the overnight security run from Securicor they had to open a new warehouse to stack up all the bank's internal mail that they did not know what to do with!0 -
The belief that we should be able to sue or claim damages typifies a horrible attitude that seems to be getting more and more prevalent.
Have people forgotten that the Revenue is a government department funded by the taxpayer? If we can claim damages it is the taxpayer who ends up footing the bill. We might as well all claim compensation off our next door neighbour and pay it to another neighbour:o (or is the OP suggesting we should all sue the junior/senior official who made the !!!!-up?)Gwlad heb iaith, gwlad heb galon0 -
Yes, a key point - if it is "all the fault of a junior employee" the system is massively at fault (the route from his boss up to the top have all failed spectacularly).siren13577 wrote: »Also I don't believe for a second it was a junior member of staff as I am lead to believe from news reports, no junior member of staff should have the ability to access servers or places where the information is stored
In fact the only sympathy I have for anyone in "the machine" is the guy who was told to "just do it" - hope he can sue them...0 -
siren13577 wrote: »Also I don't believe for a second it was a junior member of staff as I am lead to believe from news reports, no junior member of staff should have the ability to access servers or places where the information is stored,
The staff have to access the server as that is where the database is stored. If they can't access the server they can't update any records when things change. The data would have been restricted, but that just means if you don't need to access it to do your job you don't get access to it. If you do need to access it to do your job then you get access to it, no matter how junior you are.siren13577 wrote: »all computers used by staff to administer basic tax/child benefit has the capacity to download disabled.
How do you mean "downloaded"? The computers obviously had the ability to to burn files onto a CD as that is what happened.siren13577 wrote: »Also it would be very difficult to find who actually posted the discs, no recorded, no identifying from the HMRC post rooms.
No, every government department I have worked for, and private company had a post book, later replaced by a database. This book/database would record all outgoing and incoming mail, what it was and who sent it etc.
Also they have the emails about the request, so they know who exactly posted the CDs. Unfortunately that poor person will bear the brunt for something they had no control over.
I worked for another gov dept, in the IT dept, when a private company took over our databases. it was the same one that is involved here and the scr*wed us rotten. They took over the administration of the databases, so we could do nothing with them except enter and edit records. Each time we needed to create a query to extract information they charged us £90. There was talk of them charging £90 for each 1000 records (or part of) the query returned before I left. This would have meant that if a query returned 1000 records or less we would be charged £90, if it returned between 1001 and 1999 records we would be charged 2 x £90 etc. If that was implemented then they would have been charged to run a query that returned 25 million records at a rate of £90 per thousand. It's no wonder that some higher up said "B*gger that, we can't afford it".
There's also a strong possibility that the tech people didn't have the skill to create the query in the first place, and so put a silly price on the job knowing it would not be accepted. I've had that happen many times.
Having said all that I do think the person sending the CDs should have sent them at least by recorded delivery. Although it is possible they didn't know what information the database contained.
If they only needed to know people's names and NI number to do the job it is possible they did not have access to other information the database held. Therefore they may not have realised that copying the entire database would mean they were also copying sensitive data.
When I was in the IT dept I created databases that only allowed users to see certain data depending on what user group they belonged to. As an example our personnel database held many details about our staff. Someone in the personnel group could see an employees sick record, but never see, or even know that the database also contained their salary details. Someone in the finance group would see the persons salary but never see, or know, that the database also contained their sick records.
If the person who sent the CDs ever says they did not realise that the database contained sensitive information I for one would think that they are probably telling the truth.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.6K Banking & Borrowing
- 253.3K Reduce Debt & Boost Income
- 453.9K Spending & Discounts
- 244.6K Work, Benefits & Business
- 600K Mortgages, Homes & Bills
- 177.2K Life & Family
- 258.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards