System depends on privacy, tax adviser says

New Zealand taxpayers are well served by the Inland Revenue Department but vigilance is still required to prevent beaches of privacy, Deloitte Dunedin tax partner Peter Truman says.

The IRD had access to a great deal of detail regarding a person's financial and personal situation.

"It is inherent on the IRD to do what they can to make sure there are no breaches of privacy. If the information is not secure, taxpayers may become less willing to deal openly with the IRD as they otherwise might do."

The New Zealand tax system relied on voluntary compliance and if taxpayers believed their information was not being kept confidential and became less compliant, the tax system started to fail, Mr Truman said.

Contacted to comment on a report saying there had been 32 privacy breaches at the Inland Revenue Department involving 6300 people in the past year, Mr Truman said the sheer volume of the information being handled by the department staff meant human error was always possible.

Each morning, the Deloitte tax team received an envelope containing statements regarding about 50 clients. Occasionally, some statements were included from another firm.

"Given the stuff they handle, I understand how it happens. The system relies on goodwill, so we bundle up the stuff that is not ours and send it back."

At the weekend, Mr Truman attended the Institute of Chartered Accountants tax conference at which new IRD commissioner Naomi Ferguson and Revenue Minister Peter Dunne spoke.

Both speakers talked about the move to the "digital age" for the IRD.

IRD's First computer system had been operating more than 20 years and had bolted on to it complex systems like student loans and Working for Families.

IRD had previously spent a lot of money on a "certain digital route" only to find it was not working so it was scrapped, Mr Truman said.

"They are moving to the digital age, but it is not happening quickly."

Mr Truman still believed the IRD system was serving taxpayers well, but warned that the department could not rest easy believing its system was working as well as it could. Constant vigilance to stop privacy breaches was paramount, he said.

Mr Dunne said he was not happy with any breaches and apologised to anyone whose information had been compromised.

"We deal with 25 million transactions a year so 32 breaches out of 25 million is a pretty small number."

Polson Higgs tax partner Michael Turner said that given the size of IRD with its 22,000 staff, there could never be a total guarantee that privacy would not be breached.

Periodic breaches had always happened but the speed at which those incidences were publicised on the internet made the situation much different from the way it previously had been, he said.

Losing trust in the system was the biggest risk faced by the IRD and the larger the breach of privacy, the larger the risk of a loss of trust, Mr Turner said.

Labour revenue spokesman David Clark more than a week ago alerted the Otago Daily Times to the possibility the IRD would be the next government department to suffer privacy breaches.

He was horrified his prediction had proved correct.

"It doesn't get more serious than this. Peter Dunne must front up and explain how the IRD breached 6300 Kiwis' privacy and why over 5700 people haven't been told of the loss of their private details."

Across all government departments, four New Zealanders out of every 1000 had been now subject to a privacy breach from either ACC, Work and Income or IRD, he said.

New Zealanders were becoming wary of the lack of safeguards around their privacy. Figures from the 2009-11 financial years showed that voluntary compliance on tax had declined.

Dr Clark said the IRD was a shambles.

"The IRD still needs to collect around $7 billion of tax and has left one million tax returns unprocessed. The biggest problem is the First computer system which is 20 years old and essentially held together by tape."

The Government needed to provide a cogent plan and believable timeline to fix the system, Dr Clark said.

dene.mackenzie@odt.co.nz