Inappropriate System Uses
Computing reports that the Department of Work and Pensions (DWP) has a database (Customer Information System - CIS) that makes 92 million tax and benefit records available to 80,000 DWP employees, 60,000 workers from other government departments, and staff from 445 local authorities.
Since July 2008 these workers have also had access to HMRC's tax credit data through the system.
So far so bad.
DWP claimed in February 2007:
"With regard to the CIS, there are strict measures in place to protect the integrity of people's data.
Access to the information is only allowed where it is legal to do so, and it is restricted to the specific business needs of the customer.
Specific controls are in place
to restrict who can see each field, which manages the risk of unauthorised or inappropriate access ."
Now here is where the problems really start, Computing has discovered that in the six months to January 2009, six DWP employees were disciplined for "inappropriate use" of the system.
In the same period, local authorities were obliged to carry out internal investigations eight times after being notified by DWP that CIS had been accessed inappropriately.
How many other undiscovered inappropriate uses of CIS are there?
These issues are clearly not failings of HMRC systems or personnel. However, they are issues that HMRC should be concerned about as they affect the confidentiality of taxpayers' data which is sacrosanct within HMRC.
Tax does have to be taxing.