A bit ironic that the first major corporation to be nailed to the wall on a compliance issue in the UK, will be Her Majesty's Revenue and Customs. Well, they won't be 'nailed' will they – too embarrassing for the Government. Just an enquiry which will finally report years down the line, with the Government saying that the system has changed and there's new safeguards in

Let's forget about the security arrangements around the database for a minute and try and think what type of database is being used? Is it a proper database, with proper record fields or are there some flat text files in there which are used as pseudo-records. Is it the case that HMRC can't run proper queries against their database, i.e.

BEGIN

for all the data

          get just the Name and NI number record fields;
          write that data;

END.

OK they'd use a dedicated query language, but you get the idea. Plus, how come a 25 million unique record database can fit on 2CDs? If we give everybody 100 bytes of ascii, that's 2.5GB – a bit more than 2CDs. Compression? No doubt the inquiry will sort all this out and then we can move to that National ID Database secure in the knowledge that it couldn't possibly happen again.

22 Nov 2007