Cable vs. Darling re HMRC data loss

5.45.00pm GMT Tue 18th Dec 2007

• [Dec 17} Vincent Cable (Twickenham, Liberal Democrat): May I thank the Chancellor for his courtesy in bringing us up to date? I hope that he appreciates the damage that has been done to public confidence by this episode, compounded by the events in Coventry and the report on the Driver and Vehicle Licensing Agency about which we shall hear shortly.

If data and valuable information are consistently lost, stolen or abused, the public completely lose confidence in government in general at all levels. It is difficult to see how we can be confident of the Government's proceeding with much more ambitious initiatives: not only the compulsory ID card scheme, but the DNA database and the NHS spine.

The Chancellor exchanged comments with the Conservative spokesman on the specific issue of the distinction between systemic and procedural failure, with systemic failure being the responsibility of Ministers and procedural failure being that of officials. That is a subtle semantic distinction of which St. Thomas Aquinas would be proud, but surely the fundamental point is that good systems produce good procedures and bad systems produce bad procedures. In this episode, we have had bad systems and bad procedures.

I welcome what the Chancellor said about the ban on the transfer of data without encryption. That is clearly the way forward. Has he secured the full agreement of the IT companies to use outside encryption specialists to enable that work to proceed? More generally, has he now agreed that it would be completely inappropriate to try, as he has been doing, to block through the courts the publication of the gateway reviews on the way in which the IT companies manage their affairs in Government Departments?

In terms of the Chancellor's comments about the integration of the work of the Poynter study and the wider 2006 study of Government Departments, what is the significance of the work that David Varney, the former head of the HMRC, is doing on so-called transformational government? Is not the purpose of the study to break down barriers in data transfer between Government Departments? Is there not a danger that if that proceeds without proper safeguards it will merely compound the danger of the kind of error that we have already experienced?

Finally, I want to ask two or three specific and narrow questions. The Government have been asked some parliamentary written questions, not least by my hon. Friend the Member for Falmouth and Camborne (Julia Goldsworthy), about whether there are protocols that govern data transfer within government. None of those questions has been answered, including those asked of the Chancellor's own Department. Are we to infer from that that there are no protocols? Is that what that obfuscation is designed to achieve?

When the Government sent out their letter of apology, they sent out millions of letters containing large amounts of personal data that far exceeded what was necessary to communicate an apology to their recipients. Since, according to information from the Courts Service, it seems that 8 per cent. of all official letters go astray, have not the Government compounded the original disaster by putting out large amounts of personal data that will simply finish up in the wrong hands?

• Alistair Darling (Chancellor of the Exchequer, HM Treasury): On the hon. Gentleman's last point, I have some sympathy for what he says. I think that HMRC's intention was to apologise to all those who receive child benefit, but I do not think that it was ever intended that that letter, too, would be accompanied by information that, as far as I can see, did not need to be sent. I agree with the wider point that the hon. Gentleman raised in that respect.

The Government, of necessity, hold a great deal of information on behalf of citizens of this country and we need to be careful to reconcile two things. First, we must maintain people's privacy, by ensuring that we do not send out information that might fall into the hands of people who are not entitled to receive it and might cause difficulties for people's security or general privacy. At the same time, as the hon. Gentleman rightly says, we must accept the fact that in health services, for example, there might be good reasons for different hospitals, GPs and others to be able to obtain information to provide a better service for patients. It suggests to me that in government, as well as in the private sector, we need to ensure that procedures are far tighter, that people are aware of them, and that they are properly enforced. The Poynter review, as well as other work that is being carried out, will achieve that.

Finally, if we are not answering parliamentary questions on these matters, I will look into that when I get back to the office and try to answer the hon. Gentleman as soon as I can.