HMRC reveals risk to public data from its IT systems
CONCERNS have been raised over HMRC pushing ahead with the digitisation of tax, after its annual report revealed a security risk to the public’s data.
The tax authority is pressing forward with its Making Tax Digital programme, which mandates that businesses and individuals must keep digital records and file their income quarterly.
Officials insist its rollout over the next three years will make it easier for people and firms “to get their tax right and keep on top of their affairs”.
However, industry groups have complained that it increases the cost and administrative burden for small businesses.
Last night a new objection to the scheme was raised by MPS and campaigners on the grounds of security, after HMRC revealed its data protection compliance was a “red” coded risk – the highest level.
Its annual report, published earlier this month, conceded: “We do not operate our security processes and controls or manage our infrastructure and vulnerabilities effectively enough to protect HMRC, our customers, people and assets from harm or misuse.”
David Davis, the former Cabinet minister, called on the Government to fortify its IT systems before digitising more tax records.
He said: “The fact that HMRC itself recognises the serious risk to public data means their priorities should not be about digitising systems so much as about making them more secure.”
The Tory MP added: “Frankly, given my observation of HMRC’S previous investments in digitisation, I would want to see someone other than them audit their security before we start enlarging the extent to which they have got data effectively accessible online.”
John O’connell, the chief executive of the Taxpayers’ Alliance, also expressed fears about the security risks identified.
“Taxpayers expect a system that is simple and secure,” he said. “We can’t have an online tax system which risks our data or is easy pickings for cyber attacks.”
He added: “Protecting taxpayers’ privacy must be of the utmost importance.”
Yesterday Jim Harra, HMRC’S chief executive, insisted that the Government was aware of the issue and highlighted that the Treasury had provided around £1billion in the latest three-year spending review to improve the tax authority’s IT and data security over this parliament.
Mr Harra told the Financial Times: “We have an extremely low appetite for any risk in relation to our customer data. It’s just something we’re constantly vigilant about.”