HMRC stands for HM Revenue & Customs. What strange customs they must have at HMRC. HMRC obviously don't have to worry about the Data Protection Act. Firewall protection. Fraudulent use of information. Identity theft. Any kind of protection. No kind of protection. Protection rackets.
Now when I was at work and we had an audit the auditor came to our office to inspect the files on site. They were confidential and we were responsible for them. Therefore they were only taken out by the case worker. If any other person within the organisation needed to see them they came to us and sat in our office while they went through our files. Using our computers with us logging on to the files and system with our password.
Don't Auditors do that any more? What is the point of an audit if you can't check the system on site. Surely anyone could pull the wool over an Auditors eyes by selecting what information to send off to the Auditor. Exactly what were they going to audit? Maybe it was an audit testing out the security in connection with the Data Protection Act. Especially after their previous embarrassing lapse in security in September.