HMRC initiated immediate increases in security with a new process:Now, Martin Horwood, whilst obviously thinking about the HMRC DiscGate incident, didn't actually ask about HMRC specifcally yet the reponse leapt straight to telling him what changes had occured to mitigate a recurrance.
* transfers will now only take place if they are absolutely necessary;
* written authorisation for the transfer has to be given by senior HMRC manager (it was last time wasn't it?); and
* a clear instruction has been given regarding the appropriate standard of protection for the transfer (no change there then).
Where directors decide that a data transfer by disc is unavoidable such media must, in every case, be securely encrypted at the appropriate level (same as before then?). On 20 November the Chancellor announced an independent review of HMRC's data handling procedures to be conducted by Kieran Poynter, the chair of Price Waterhouse Coopers.
However, two questions later, Keith Vaz asked about security training at HMRC and received the following response from Kennedy
It would be inappropriate to comment on this issue as there is an ongoing Metropolitan Police Service investigation and an independent review of HMRC’s security processes and procedures for data handling led by Kieran Poynter, the Chair of PricewaterhouseCoopers.So, in the first question Kennedywas more than happy to talk about security procedures at HMRC and the '