shake-up as HMRC chair resigns
A UK tax expert predicts there will be a slow-down in
the exchange of information between tax agents and the tax
collector in the wake of a data protection breach that has left the
personal details of millions of Britons at large.
Chartered Institute of Taxation vice-president
Andrew Hubbard told TA that the security blunder is likely to lead
to a tightening of processes and improvements to HM Revenue &
Customs (HMRC) infrastructure.
“It’s going to be cumbersome and it will probably slow things down,
but that’s an inevitable consequence of saying you want to be
absolutely secure in everything before you exchange information,”
Hubbard explained. “It is [a matter of] trying to get a balance
right so it’s a matter of getting the infrastructure right, which
is a technology thing, and making sure that culturally in the
organisation people don’t try and make short cuts, even if they are
trying to be helpful in those short cuts.”
HMRC chairman Paul Gray stepped down this month when it publicly
emerged that two highly sensitive data CDs had been lost when they
were being delivered to the National Audit Office (NAO). The discs
contained the personal details – including names, addresses, date
of births, National Insurance numbers and some bank details – of an
estimated 7.25 million families that claim benefits for children
under the age of 16. The incident could potentially affect the
lives of 25 million British citizens, leaving them susceptible to
the risk of fraud.
Hubbard, who is also the technical tax director at UK firm Tenon
Group, described the security breach as an example of what could
happen when rules aren’t followed. He said it highlights the
growing importance of IT security within organisations and believes
HMRC will now upgrade its IT infrastructure.
Richard Dyson, president of the Institute of Chartered Accountants
in England and Wales, told TA HMRC has been under-funded
by government, which resulted in a slide in front-line service
standards across the department.
TA understands a lack of resources may have contributed to
the severity of the data breach. It emerged that NAO officials had
requested the data be sent over “as safely as possible due to their
content” and that they did not need “address, bank or parent
details in the download”. HMRC later confirmed the discs contained
more information than necessary and were not edited, as requested,
in order to cut costs. “We don’t have infinite resources, we have
to use our resources rationally,” a spokesperson said.
The scale of the data protection failure prompted the UK government
to form a group to investigate HMRC security, which is to be led by
PricewaterhouseCoopers UK chairman Kieran Poynter and the
Independent Police Complaints Commission.
The investigation is intended to establish where the breach
occurred and how systems may be improved. However, it is too late
for Gray, who decided to accept a share of the responsibility by
resigning. Hubbard said the profession had a high regard for Gray
and the transparent manner in which he operated.
HMRC has announced that David Hartnett will take over as acting
chairman. He has worked in the department for more than 30 years,
and his first task will be to increase public confidence in HMRC in
time for the tax season early next year.