PWC Chairman Kieran Poynter has issued his interim report into the HMRC 25 million identities data leak and a most superlative piece of white washing it is too.
It runs to six pages and all we learn is that HMRC has closed several stable doors since its child benefit database went missing.
First of all we must pat ourselves energetically on our own back. In an earlier blog I noted: "The prediction is that he (acting HMRC Chairman Dave Hartnett) will keep his job, uttering immortal words such as 'learning from our mistakes' and 'becoming world-class.'"
Poynter's covering letter to his report contains this most gratifying sentence: "He (Hartnett) has expressed his determination to learn from these events and create the world class data security environment you would expect in HMRC."
Ah, bless. Ten out of ten for the PWC man.
Anyway the interim report refuses to name names and doesn't add one jot or tittle to our understanding of the data loss catastrophe. Poynter does detail measures that HMRC has already taken but which "I would have recommended" such as the appointment of a Director of Data Security and the imposition of a complete ban on bulk data transfer via removable media "without adequate security protection such as encryption".
No more can junior officials download a complete database onto removable media.
Section 2 is entitled 'What exactly happened?' and he takes seven sub-sections to tell us nothing new at all.
He's making good progress interviewing people but many of his interviewees have refused to have their interviews tape recorded. Instead they get a typed transcript of written notes which they can read and 'confirm their accuracy or give corrections.'
He covers progress made so-far and finds it necessary to point out that although the senior manager in HMRC (Nigel Jordan, Child Benefit process owner) was copied on the e-mails known about, there is no proof 'that the official actually took a decision in relation to the manner in which HMRC should have responded to the request for data (from the NAO).'
It seems that is on this basis that, in his covering letter to Chancellor Alistair Darling, he writes: "I have seen no evidence thus far that would lead me to conclude that the statement given by you to Parliament was inaccurate."
You might think this is glistening and glossy white wash. Smooth and creamy thick. I couldn't possibly comment.
The Daily Mail has pointed out that PWC provided accounting facilities for Gordon Brown's recent Labout party leadership bid that led to him becoming Prime Minister. It also notes that "PWC has received millions of pounds in contracts from the Government" and raises the question of Kieran Poynter's independence.
In Poynter's introduction to his interim review report he summarises his terms of reference: to think about urgent HMRC measures; to establish the chain of events leading to the data losss; and to make recommendations to achieve a high level of data security at HMRC.
One might almost think there was a fourth term of reference, something like: "To protect the position and reputation of Alistair Darling and also of Gordon Brown by refuting accusations that Darling was mistaken in his first statement to the Commons about junior officialdom's responsibility, also rebutting accusations of systemic failure at HMRC, and lastly rebutting allegations that the data losses at HMRC were due to cost and manpower reductions contingent upon its inception by a merger of HM Customs and the Inland Revenue."
That, I'm quite certain, is what his final report will largely say.
Perhaps the Police investigation into the events at HMRC, by officers thoroughly hacked off by the government's cavalier over-turning of their arbitrated pay award, will be a little more unforgiving of the dreadful IT data security illiterates at HMRC.
It would be nice to think that, at the end of the day, the severely unimpressive people in charge at HMRC, including the so far completely silent chief information officer, Deepak Singh, paid the due price for the biggest identity data loss in UK history.