Home / Sources / Select Committees / Recommendation 5
Index live · Last sync 22 May 2026
← Rec 4
Rec 1 →
Source · Select Committees · Public Accounts Committee

Recommendation 5

5 Not Addressed

Review BBC data collection and storage policies, ensure minimum data collection and safety.

Recommendation
The BBC has developed its approach to data security since 2019 but is not yet doing enough to manage the risks arising from increased access to users’ personal data. The BBC needs to collect and hold some audience data to help it to compete in the digital space, and crucial to this is sign-in, where audiences register for and use a BBC account to access its digital services. The BBC has a sign-in strategy, with a target for 72% of digital product views to come from signed-in users by 2023. It also has an overall goal of 23.5 million signed-in users by 2023. The BBC tries not to collect or hold more data about audiences than is necessary and reassured us that it has no plans to commercialise the data that it collects. That makes it distinct from BBC Digital 7 other digital providers. The BBC appointed a data protection officer in 2019 and also set up a central data protection team. However, the increased use of personal data exposes the BBC to more potential risks and it has not shown clearly that its active management of those risks is yet sufficiently embedded. The BBC has assured us that there have been no significant data breaches in the current financial year. Recommendation 5: The BBC should review its data collection and storage policies and work out the minimum amount of data that is needed to achieve its goals, what will be sufficient for its personalisation strategy, and how it will keep that data safe. 8 BBC Digital 1 Planning and funding
Government Response Summary
The government response provided addresses a recommendation to the Department for Business and Trade regarding fraud and error in COVID-19 grant schemes, which is entirely unrelated to the committee's recommendation concerning the BBC's data collection and storage policies.
Government Response Not Addressed
HM Government Not Addressed
1. PAC conclusion: The Department does not expect to recoup the majority of the estimated £985m of local authority grant payments made, mainly in error, in the first wave of Covid support schemes. 1. PAC recommendation: The Department, alongside its Treasury Minute response, should write to the Committee to quantify its latest estimates of fraud and error in each of the COVID-19 grant schemes and explain its justification where it is not seeking to pursue recoveries from businesses. 1.1 The Government agrees with the Committee’s recommendation. Target implementation date: Summer/early Autumn 2023 1.2 The Department for Business and Trade (DBT), previously the Department for Business, Energy and Industrial Strategy, can conclude recovery is unrealistic for the following reasons: • the business has ceased trading, with no residual assets and is not in administration; • recovery is poor VFM (the cost of litigation actions is higher than the debt) or • recovery is accepted as a significant reputational risk for DBT. 1.3 The government set out the latest position to the Committee at a hearing in relation to the Local Authority COVID-19 schemes which took place on 11 May 2023, following the recent report by the National Audit Office. The DBT has asked one of the Non-Executive Directors to undertake a review of the ongoing assurance, reconciliation, and recovery activity in relation to irregular payments and will write to the Committee following the conclusion of this review. 1.4 The review is aimed to conclude in Summer/early Autumn 2023. 2. PAC conclusion: The Department’s lack of curiosity surrounding lenders’ performance in the Bounce Back Loan Scheme increases the risk of losses for the taxpayer. 2. PAC recommendation: • The Department should set out what more it will do to identify the reasons for variances in scheme performance and encourage all lenders to reach an optimal level of performance. This is likely to include establishing the full extent of information held by lenders. • The Department should make data collection and sharing explicit within initial agreements when setting up future lending schemes. 2.1 The government agrees with the Committee’s recommendation. Target implementation date: July 2023 2.2 The Department for Business and Trade does not recognise the Committee’s description of its predecessor department, the Department for Business, Energy & Industrial Strategy’s, lack of curiosity regarding lender performance. 2.3 Driving positive outcomes in lender behaviour is an important tool to mitigate the risk of avoidable losses to the public purse. The Department for Business and Trade, British Business Bank (BBB) and other government stakeholders work closely with UK Finance and individual lenders to achieve this. 2.4 A Lender Performance Advisory Board provides government’s oversight and strategic advice, considers action to minimise losses and enables cross-government coordination and escalation routes. The Board is chaired by the responsible DBT Director General and brings together BBB’s Chief Executive with senior leaders from HM Treasury, Cabinet Office’s Public Sector Fraud Authority and UK Government Investments. 2.5 Current workstreams across these organisations include: • Improving data collection (and embedding those principles into future schemes from the outset), robustness, and transparency to help understand lender performance and prioritise interventions. Work is continuing to develop the lender portal, standardise data definitions, improve the analysis dashboard and review the range of data published. • Improving policies and procedures to ensure lenders are operating in accordance with scheme requirements and striving to minimise avoidable loss. This includes enhanced guidance for debt write-off; pilots testing the case for additional action when wrongdoing is suspected; and a Counter Fraud Strategy. • Targeted action to address individual lender poor performance and maximise recovery of associated losses. This includes audits on lender processes and performance from initial loan approval through to recoveries; claims and write-offs; negotiations to recover losses where poor performance is identified; and undertaking additional assurance activities. 2.6 DBT will provide

Source

Inquiry
BBC Digital
Report
Forty-Sixth Report - BBC Digital
28 Apr 2023
HC 736
View on Parliament website ↗

Addressee Bodies

HM Treasury

Timeline

Recommendation age 3.1 yrs
Report published 28 Apr 2023