New Zealand taxpayers are well served by the Inland
Revenue Department but vigilance is still required to prevent
beaches of privacy, Deloitte Dunedin tax partner Peter Truman
The IRD had access to a great deal of detail regarding a
person's financial and personal situation.
"It is inherent on the IRD to do what they can to make sure
there are no breaches of privacy. If the information is not
secure, taxpayers may become less willing to deal openly with
the IRD as they otherwise might do."
The New Zealand tax system relied on voluntary compliance and
if taxpayers believed their information was not being kept
confidential and became less compliant, the tax system
started to fail, Mr Truman said.
Contacted to comment on a report saying there had been 32
privacy breaches at the Inland Revenue Department involving
6300 people in the past year, Mr Truman said the sheer volume
of the information being handled by the department staff
meant human error was always possible.
Each morning, the Deloitte tax team received an envelope
containing statements regarding about 50 clients.
Occasionally, some statements were included from another
"Given the stuff they handle, I understand how it happens.
The system relies on goodwill, so we bundle up the stuff that
is not ours and send it back."
At the weekend, Mr Truman attended the Institute of Chartered
Accountants tax conference at which new IRD commissioner
Naomi Ferguson and Revenue Minister Peter Dunne spoke.
Both speakers talked about the move to the "digital age" for
IRD's First computer system had been operating more than 20
years and had bolted on to it complex systems like student
loans and Working for Families.
IRD had previously spent a lot of money on a "certain digital
route" only to find it was not working so it was scrapped, Mr
"They are moving to the digital age, but it is not happening
Mr Truman still believed the IRD system was serving taxpayers
well, but warned that the department could not rest easy
believing its system was working as well as it could.
Constant vigilance to stop privacy breaches was paramount, he
Mr Dunne said he was not happy with any breaches and
apologised to anyone whose information had been compromised.
"We deal with 25 million transactions a year so 32 breaches
out of 25 million is a pretty small number."
Polson Higgs tax partner Michael Turner said that given the
size of IRD with its 22,000 staff, there could never be a
total guarantee that privacy would not be breached.
Periodic breaches had always happened but the speed at which
those incidences were publicised on the internet made the
situation much different from the way it previously had been,
Losing trust in the system was the biggest risk faced by the
IRD and the larger the breach of privacy, the larger the risk
of a loss of trust, Mr Turner said.
Labour revenue spokesman David Clark more than a week ago
alerted the Otago Daily Times to the possibility the
IRD would be the next government department to suffer privacy
He was horrified his prediction had proved correct.
"It doesn't get more serious than this. Peter Dunne must
front up and explain how the IRD breached 6300 Kiwis' privacy
and why over 5700 people haven't been told of the loss of
their private details."
Across all government departments, four New Zealanders out of
every 1000 had been now subject to a privacy breach from
either ACC, Work and Income or IRD, he said.
New Zealanders were becoming wary of the lack of safeguards
around their privacy. Figures from the 2009-11 financial
years showed that voluntary compliance on tax had declined.
Dr Clark said the IRD was a shambles.
"The IRD still needs to collect around $7 billion of tax and
has left one million tax returns unprocessed. The biggest
problem is the First computer system which is 20 years old
and essentially held together by tape."
The Government needed to provide a cogent plan and believable
timeline to fix the system, Dr Clark said.