HM Revenue & Customs has drawn up plans that would allow the personal financial data of the UK's taxpayers to be released to third parties, in a move that echoes that of the NHS's Care.data initiative.
The draft legislation would allow data relating to millions of taxpayers to be sold to private companies and public bodies if there is deemed to be a public benefit. The government insists that the data would be "anonymised" or "aggregated", but this echoes some of the assurances made about the Care.data initiative, which has been delayed for six months because it was so poorly communicated to patients and because there were fears that it would be possible to re-identify patients from pseudonymised data sets.
The plans are spearheaded by Treasury minister David Gauke and aim to make the administration of the tax system more efficient.
There was a public consultation on the matter last year, with responses published in December 2013. In those responses, HMRC says it is considering charging options for organisations wishing to access the data.
It is not clear exactly which data would be released and to whom, but HMRC does store a lot of data. Those data are protected with stringent legislation because of the "scope and depth of the information HMRC collects, creates and protects on behalf of taxpayers". As a result data sharing is limited. "This provides all of us with the assurance that our information will be protected, essential to the effective operation of the tax system," explains the consultation document.
However, HMRC argues that there are great potential benefits that could come from data sharing: improvements to policy making, helping improve access to credit for business and making it easier to protect against fraud. "But it is paramount that any data release has appropriate safeguards, essential to maintaining taxpayer confidence and protecting HMRC's reputation," the report says, adding that none of the proposals relate to the release of "individual taxpayers' financial or tax payment data".
These words might be more reassuring had the same rhetoric not been used for the bungled Care.data launch, or if HMRC had not already been responsible for a number of major data breaches, including one in 2007 where personal data relating to every child in the country and the national insurance numbers and bank account details of parents claiming child benefit -- stored on CDs
went missing in the post.
HMRC has already launched a pilot programme where it has released data relating to VAT registration to three credit ratings agencies: Equifax, Experian and Dun & Bradstreet.
Tory MP David Davis described the proposed changes to legislation as "borderline insane", telling the Guardian that "the Treasury lists no credible benefits" and that the "officials who drew his up clearly have no idea of the risks to data in an electronic age".
The proposed changes have also been criticised by The Chartered Institute of Taxation, the president of which, Stephen Coleclough, said in a statement back in October: "Taxpayers' records are personal data and must therefore be outside the scope of data sharing. Taxpayer confidentiality, and the avoidance of any potential damage caused by data release, must take precedence over any benefits of 'Open Data'. These proposals seek to use personal data in an anonymised or aggregated way, but in reality, this is extremely difficult without exposing individuals to identification with their personal data."
He added that the Institute did not object in principle to the "publication and release of aggregate and anonymised data". "However, we are concerned that even the strictest safeguards and deterrents may not be sufficient to prevent the misuse of data and the identification of individuals -- for example by being cross referenced with other data. This is dangerous territory and these proposals must progress with significant caution and sustained consultation because once the data genie is out of the bottle, it cannot be put back."
This article was originally published by WIRED UK
