BBC News
watch One-Minute World News
Last Updated: Tuesday, 4 December 2007, 20:34 GMT
More firms 'admit disc failings'
Richard Thomas
Richard Thomas also has concerns about ID cards
Several firms have admitted security failings in the wake of the loss of two discs containing 25 million people's details, MPs have been told.

Information Commissioner Richard Thomas told the Commons justice committee that public and private sector bodies had come forward "on a confessional basis".

He said they were not on the scale of the HM Revenue and Customs mistake, but more would "come out in the wash".

Police are searching for the two discs, which apparently got lost in the post.

The two unencrypted discs, containing the entire child benefit database, were posted from HMRC offices in Tyne and Wear in October, but never turned up at their destination - the National Audit Office.

Bank details

The prime minister and chancellor have apologised and an inquiry is under way, alongside a police investigation.

Millions of families have been told to be on the alert for fraudulent use of their details, which include children's names, addresses, dates of birth and National Insurance and bank details.

It was a really shocking example of loss of security
Richard Thomas
Information Commissioner

Mr Thomas told the justice committee that, since October, "quite a number of organisations, both public and private sector, have come to us saying that they think they have found a problem... almost on a confessional basis, bringing to our attention problems they have encountered with security in their own organisations.

"None appear to be on anything like the same scale as that involving HMRC, but I think there is certainly more to come out in the wash as we move forward."

Chancellor Alistair Darling has said a junior official was responsible for sending the discs by post - in breach of HMRC security rules.

But Mr Thomas told MPs: "I would question whether anybody should be allowed to download an entire database of this scale without going through the most rigorous pre-authorisation checks."

He said software should be in place to stop entire databases being downloaded, adding of the missing discs: "It was a really shocking example of loss of security."

He also said he continued to have "anxieties" about the impending introduction of ID cards, particularly if information would be uploaded onto central databases, whenever cards are used.

18 October - Junior official from HMRC in Washington, Tyne and Wear, sends two CDs containing password-protected records to audit office in London through courier TNT, neither recorded nor registered. (TNT disputes this saying there is no evidence it was ever given the discs)
24 October - When package fails to arrive, second one is sent by registered post and arrives safely
3 November - Senior managers are told first package has been lost
10 November - Prime minister and other ministers are informed
12 November - HMRC tell ministers CDs will probably be found
14 November - When HMRC searches fail, Metropolitan Police are called in
15 November- Richard Thomas, Information Commissioner, says remedial action must be taken before public is informed
20 November - HMRC Chairman Paul Gray resigns; Chancellor Alistair Darling makes announcement to House of Commons
21 November - Prime Minister Gordon Brown apologises and orders security checks

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific