149 data breaches logged by Revenue
Human error mostly to blame
DATA breaches by Revenue show that bungling officials sent an ex-wife information on her former husband by accident.
Another breach involved a staff member’s exam results mistakenly sent to a third party.
Revenue said the majority of the 149 breaches were caused by human error and the volume of such incidents had been low given the volume of data they deal with.
A detailed log of the incidents reveals a significant chunk of the incidents related to Covid-19 support payments.
There were 26 cases where a compliance check letter was sent to a company with an incorrect list of employees.
Another seven cases were recorded where a compliance letter was sent to the wrong tax agent, according to a database provided by Revenue.
Other one-off incidents included one where a taxpayer’s medical receipts were sent to the wrong person and a breach where an email about a taxpayer’s audit was attached to an “unconnected third party’s correspondence”.
Also logged was a case where a final tax demand was sent to a “taxpayer’s ex-wife’s address” and another involving a final demand issued to the “incorrect person of same name”.
In another breach, a Revenue official received her “ex-husband’s information due to [a] systems error” according to the log.
There were multiple other cases involving separated couples with intervention letters sent to an ex-spouse’s address in one case and taxpayer correspondence sent in error to the address of a former spouse.
Confusion over taxpayer names caused other breaches including four cases where two individuals were using the same PPS number.
There were also internal incidents according to log including one case where a spreadsheet with staff data was sent in error to three managers. In another, the name and PPS numbers of staff were circulated to an internal mailing list.
A case was also logged where promotion forms were sent to the wrong staff member, where they had shared a name with the person who was supposed to get it. A spokeswoman said: “[With] the amount of data held and processed by Revenue in the course of carrying out our core business, a relatively small number of data breaches mainly caused by human error occur from time to time.
“The risk of human error cannot by its nature be totally eliminated but Revenue strives to minimise and manage such risk by continually working to increase awareness of, and to improve compliance with, data protection among our staff.”