HMRC's loss of 25m child benefit records in October last year made all the headlines. It's perhaps a shame that Kieran Poynter's review into the loss didn't make as many headlines - it contains interesting lessons on information security.
Poynter is highly critical of the shortcomings of current physical media transfer but raises deeper questions than just e-filing; questions that many financial services organisations should be asking themselves. The combination of customer data spread over multiple systems, often managed by outsourced IT providers; processes based around systems, not end-to-end business outcomes; and the need to keep data stretching back years will sound all-too-familiar to most people involved in financial services.
It is clear that HMRC can't go on accepting paper or physical media returns from companies. Already HMRC requires some information, e.g. pension scheme returns, to be filed online via the Government Gateway and more is surely on the way. In addition to encrypting the online transmission of data (the easy bit of information security), the Gateway implements many other parts of the information security puzzle, from credentials management through to non-repudiation of transactions, that simple secure file transfer could not achieve. The two-way communication mechanism also allows entire processes to be streamlined, promising benefits beyond information security.
In short, there are some important lessons to be learned from the Poynter Review and the HMRC response, not just by government agencies but by financial services companies too. Altus technical architects have been working in precisely this space for several years, both shaping our secure information logistics products and helping our financial services clients to engineer the same levels of control into their data exchange.
Copyright © 2010 Altus Limited