HM Revenue and Customs has promised to make its "best endeavours" to improve data security by 2011, in line with recommendations made in a key review.
Last year's Poynter review made a series of strict recommendations to improve HMRC's security, following its loss of computer discs in the post that had the records of 25 million people. The report called HMRC's data handling "clearly woefully inadequate", adding that it "simply wasn't a management priority".
HMRC's Autumn Performance Report has said a data security improvement plan was put in place following the review, and the department will make its "best endeavours" to implement the Poynter recommendations by the target date of June, 2011.
Steps taken so far include restrictions on portable devices such as CDs and USB memory sticks, on which data will only be saved "where there is a compelling business case to do so". There are also limitations on bulk data transfers, only allowing the movement of "business critical" data, with tightened security and improved encryption.
Staff would also be held accountable for any data loss, HMRC insisted, and each section now has a data guardian, an "expert and champion for data security". Employees have to attend data security workshops and they have been issued with a book containing security rules.
"It is essential that all of our colleagues know that data security is both an individual and a collective responsibility," HMRC chairman Mike Clasper wrote in a foreword to the report. "A key step towards achieving this goal is clarifying what our senior leaders must do in their business area to effectively discharge their key accountabilities."
Separately, HMRC has also rolled out a number of key online services. Self-tax assessment forms and a validation engine for self assessment and pay-as-you-earn tax, were both launched in April last year, in "the largest online IT release in HMRC's history".
More people are now using the online forms, HMRC says, with more than two million self-assessment tax returns filed on the web in the year to November 2008, a 38% growth compared to 2007. However, it recently emerged that fraudsters were targeting taxpayers with scam emails purporting to come from HMRC in the run up to the 31 January self-assessment tax deadline.
HMRC says it has also made substantial investments in other IT systems. It expects to save £49 million this financial year from changes to its Aspire contract with Capgemini.