The way individuals’ personal information is handled by public organisations is high on the public agenda and we have helped to improve standards in this area. Last year our report, A Breach of Confidence, described how a number of government agencies refused to accept responsibility for the mishandling of Ms M’s personal information on their computer systems, despite their actions having personal and financial implications for Ms M. The Cabinet Office responded to our findings and recommendations by developing a protocol for all government departments to use when they are sharing personal data. The government agencies involved also implemented a protocol on handling complaints that cut across the work of their departments.

But the story doesn’t stop there. Following our report, as one of the named departments, HM Revenue & Customs (HMRC) also undertook a thorough ‘after action review’. The review identified key learning points. These included the importance of maintaining the integrity and security of personal information when it is shared across departments, and the need to ensure the safe transfer of any security markings. HMRC presented the learning to a meeting of cross-government complaint handlers.