Information Age: News, analysis & insight for IT & business leaders

Cross-bench peer Lord Erroll yesterday described the spectacular HMRC data breach, in which the private details relating to 25 million UK individuals were allegedly lost in transit, as a “godsend”.

Speaking at CSO Interchange, a seminar for blue-chip information security officers run by on demand security provider Qualys, Lord Erroll said that the incident should act as a “wake-up call” for government departments. Erroll, who sits on a number of ICT parliamentary committees, including the House of Lords Science and Technology sub-committee, has been a key proponent of a UK data breach notification law, similar to those already in effect in the US.

“No-one has been worrying about the citizen,” Lord Erroll told delegates. A data breach notification law would address this issue, he argued. “It’s not about ‘getting at’ anyone,” he added.

Lord Erroll was one of the peers responsible for the controversial Personal Internet Security report, published in August, which recommended stronger regulatory powers to govern both industry and software providers.

The report also recommends stronger powers for the Information Commissioner’s Office whose efforts are rarely credited, he claimed, because the office does not have the power to properly punish companies who transgress data protection laws. “The ICO does all the work, but the FSA gets all the credit,” he complained.

Lord Erroll also expressed hope that the HMRC incident will undermined the legitimacy of the government’s ID card scheme. ID cards would become a mechanism for controlling citizens’ behaviour, he suggested.  

“ID cards would become like an internal passport. First you’d have to show it on the bus, and then on the train. You can feel it coming,” he told delegates.

Further reading 

UK child database delayed

HMRC breach sparks finance fears

Find more stories in the Security & Continuity Briefing Room