Download original attachment
(Word document)
This is an HTML version of an attachment to the Freedom of Information request
'Expenses: security advice'.
(Word document)
To all Members
13 May 2009
PUBLICATION OF ALLOWANCES: LOSS OF DATA & UPDATE ON TIMETABLE
A. Loss of data
I am sorry to have to write to you about a significant leak of data about the allowances to the press - we assume that this may cover all Members. I wanted to ensure that you are fully aware of what has occurred, what steps I and the House authorities have taken, and what you should consider doing yourself.
What has happened?
The loss involves the information that has been prepared for publication and may include scans of all details contained in your allowances file in relation to claims made against the ACA, IEP and Communications Allowance. The details which may be at risk as a result of the leak include bank and credit card details, personal addresses, the names and details of suppliers you have used, personal account details and details of transactions. If you have made claims for the reimbursement of staff costs, the data will also include details of staff names and their bank account details.
While the media appear to be acting responsibly by not publishing personal financial details, residential addresses and data about third parties, it is possible that the information is still held by the person or persons who acquired this information with the intention of further exploitation for personal gain. It is possible that the data could be used for purposes which are harmful to the individuals to whom the data relate through exposure to identity theft and fraud through the release of non-public identifiers e.g. account numbers and information about the private aspects of a person's life becoming known to others e.g. financial circumstances.
Therefore you are advised to consider your own circumstances and those of other individuals named in your claims information including your staff and suppliers and take necessary steps to protect yourself and them from fraud or other harm.
What has been done about it?
As you will know from the Speaker's statement to the House, the Clerk of the House invited the Metropolitan Police last week to consider the unauthorised disclosures. We are also writing to the Information Commissioner to inform him of the situation. And the Daily Telegraph have confirmed that they will not release confidential information about bank accounts etc.
What should you do?
The loss of data could have different implications for different Members. For example, Members who have made reimbursements to named staff through the IEP may need to consider whether their bank account details may have been disclosed. So:
be watchful of your personal financial arrangements
consider what information may have been disclosed about your staff and others named in your claims or correspondence with the department;
discuss with your ban, credit card providers etc ways of mitigating any risk of fraud such as altering PIN or access codes immediately
inform us immediately if you become aware that any unauthorised transactions have taken place
For advice about the leak please contact in normal working hours. will be able to draw on specialist financial security advice from the Metropolitan Police.
B. Bringing forward the publication date
There have been many calls for immediate publication of the information as it now stands. It is vital that the additional editing already identified by Members as being necessary is completed. Nevertheless we have been asked to do what we can to bring the publication date forward as far as possible with the aim of publishing around mid June. Please make sure that you make all returns to the publication team as soon as you can, and in any event by no later than 21 May: there will not be time to take account of changes received after this date. The reduction in time before publication will, however, mean that the time for you to check that changes have been made will be reduced. The aim will be to replace the files currently on the Members' access site (the audit version with all details readable) with those to be published prior to the information being made available to the public generally, but there might not be much time for such checks to be made.
For advice on the publication please contact the helpline . It is in the interest of the House that all Members do what they can to help in completing this process as soon as possible.
A J Walker
Director General of Resources
House of Commons
Director General of Resources Andrew Walker CPFA
Janet Rissen (Business Management & Development) Chris Ridley MBA FCCA (Financial Management)
Terry Bird (Operations) Heather Bryson MA FCIPD (Human Resource Management & Development)
Department of Resources House of Commons London SW1A 0AA
Telephone: 020 7219 5460 Facsimile: 020 7219 2531 E-mail: [email address]