Those e-mails in full
The e-mails which led to the loss of 25 million names, addresses and bank details have finally been released together with lots of black ink "redactions" to protect civil servants' identity. Along with them are letters from the NAO to HMRC (which you can see here in a PDF file).
The key thing we learn comes not from the detail but the tone of all the exchanges. They demonstrate little concern from either the NAO or HMRC about data protection. The NAO wants, it would appear, simply to reduce the size of the files it is sent. The HMRC is worried about the cost of filtering information in order to send the smaller files the NAO request. What about our privacy and our rights? No mention is made of them.
A few more details do emerge:
• First, as spun in advance, the NAO makes clear that it has no evidence that a senior manager ("the Process Owner for Child Benefit") made the the decision to release the data
• Secondly, the NAO has apologised "unreservedly" to senior management at the HMRC for not informing them of the request for the data implying that they went through more (co-operative?) junior staff
• Finally, there's one bit of fun. The e-mail below from the NAO tells the HMRC to "ensure that the CDs are delivered to NAO as safely as possible due to their content" ! If only….