Data security is always going to be a hot topic given the sheer amount of people's personal identifiable data has been lost by the Government in the last couple of years. In light of the HMRC scandal the Government launched a new investigation, and the Cabinet Office now has guidelines for accreditation of systems that hold personal data.
However, it would appear that these new requirements are not being applied on old systems if the words of the Department for Work and Pensions minister, Jonathan Shaw are accurate. When asked by Mark Harper MP in Parliament why the "customer information system does not meet Cabinet Office rules for personal data" he replied,
The Cabinet Office's requirements for accreditation apply only to IT systems which were introduced after 1 July 2008.So essentially the Government have decided that any system holding personal data that is over seven months old doesn't need to meet the supposedly "tough" new accreditation requirements.