For all we know, these discs could be in the hands of the World Alliance of Terrorists, Paedophiles and Internet Fraudsters, who are even now plotting to ruin us all with the data they have hacked into. Or, for all we know, the discs could have fallen down the back of somebody’s desk, sitting harmlessly until they’re eventually found.
There’s no doubt that the junior official concerned was seriously at fault for the breach of HMRC procedures. HMRC have said that the official acted “completely outside their job remit” and “should have forwarded it on to someone else - another group of civil servants at a more senior level”. This individual’s line manager (or whoever else was responsible for making sure they stuck to the rules) may also have been in the wrong. We shall have to see what the inquiry finds.
But just as there’s no reason to think that the lost data has fallen into the wrong hands, so is there no reason as yet to think that there’s direct ministerial culpability for this.
Don’t take my word for it: the opposition attacks on the government over this have been – absolutely rightly – outraged at the incompetence involved, but also extremely thin in terms of what should have been done differently.
Hence George Osborne could only demand that Alistair Darling should “get a grip and deliver a basic level of competence”, and David Cameron today can only urge Gordon Brown to “show some broad shoulders, be the big man and accept some responsibility” (a pre-scripted soundbite; Brown had personally apologised moments before).
But even so, scathing rhetoric is appropriate: Darling and Brown are the guys at the top and this potentially (possibly still actually) harmful breach of procedure happened on their watch. ‘Operational matter’ or not, it’s good for ministers to get hauled over the coals so that their motive to make sure that ‘we do not tolerate failure in this organisation’ is kept sharp.
Nick Robinson seems to have it right:
I fail to see the relevance of job cuts or unopened post or low morale at HMRC to this. Employees should know that data protection is sacred and if they don't there should be systems in place that ensure they alone cannot make serious errors.
And preaching the gospel of sacred data certainly is a duty that goes right to the top.
A final thought: if the discs had arrived safely and the unauthorised copying and sending then come to light, it would have caused a minor fuss and no more. But no less a failure would have occurred. The intensity of the headlines reflects luck and uncertainty rather than the quality of performance by HMRC.