A UK tax expert predicts there will be a slow-down in the exchange of information between tax agents and the tax collector in the wake of a data protection breach that has left the personal details of millions of Britons at large.
Chartered Institute of Taxation vice-president Andrew Hubbard told TA that the security blunder is likely to lead to a tightening of processes and improvements to HM Revenue & Customs (HMRC) infrastructure.
“It’s going to be cumbersome and it will probably slow things down, but that’s an inevitable consequence of saying you want to be absolutely secure in everything before you exchange information,” Hubbard explained. “It is [a matter of] trying to get a balance right so it’s a matter of getting the infrastructure right, which is a technology thing, and making sure that culturally in the organisation people don’t try and make short cuts, even if they are trying to be helpful in those short cuts.”
Data disaster HMRC chairman Paul Gray stepped down this month when it publicly emerged that two highly sensitive data CDs had been lost when they were being delivered to the National Audit Office (NAO). The discs contained the personal details – including names, addresses, date of births, National Insurance numbers and some bank details – of an estimated 7.25 million families that claim benefits for children under the age of 16. The incident could potentially affect the lives of 25 million British citizens, leaving them susceptible to the risk of fraud.
Hubbard, who is also the technical tax director at UK firm Tenon Group, described the security breach as an example of what could happen when rules aren’t followed. He said it highlights the growing importance of IT security within organisations and believes HMRC will now upgrade its IT infrastructure.
Richard Dyson, president of the Institute of Chartered Accountants in England and Wales, told TA HMRC has been under-funded by government, which resulted in a slide in front-line service standards across the department.
TA understands a lack of resources may have contributed to the severity of the data breach. It emerged that NAO officials had requested the data be sent over “as safely as possible due to their content” and that they did not need “address, bank or parent details in the download”. HMRC later confirmed the discs contained more information than necessary and were not edited, as requested, in order to cut costs. “We don’t have infinite resources, we have to use our resources rationally,” a spokesperson said.
The scale of the data protection failure prompted the UK government to form a group to investigate HMRC security, which is to be led by PricewaterhouseCoopers UK chairman Kieran Poynter and the Independent Police Complaints Commission.
The investigation is intended to establish where the breach occurred and how systems may be improved. However, it is too late for Gray, who decided to accept a share of the responsibility by resigning. Hubbard said the profession had a high regard for Gray and the transparent manner in which he operated.
HMRC has announced that David Hartnett will take over as acting chairman. He has worked in the department for more than 30 years, and his first task will be to increase public confidence in HMRC in time for the tax season early next year.