Serious privacy concerns

Peter Truman
Peter Truman
Deloitte Dunedin tax partner Peter Truman yesterday raised concerns about the potential sharing between government agencies of information gathered by Inland Revenue.

If information was to pass from IRD to other government agencies, there needed to be an independent review of the basis for passing the information, to determine whether the information request was appropriate and that taxpayer rights were being protected.

''A decision to pass information should not rest solely with public servants,'' Mr Truman said.

The Government was consulting on a proposal that would enable IRD to share information with other enforcement agencies where serious crime was suspected.

IRD and other government agencies already share data in areas including: ACC, to enable levies to be invoiced based on tax return data; Ministry of Social Development, to confirm community services card eligibility; Ministry of Business, Innovation and Enterprise, to confirm parental leave payment eligibility; New Zealand Customs, to enable interest to be charged on student loans where borrowers were offshore; Ministry of Justice, to help find people with outstanding fines; and the Department of Statistics.

Mr Truman said IRD had wide powers of access to require taxpayers and third parties to provide information. Income from illegal activities, such as drug-dealing, was still taxable and the IRD might already hold data on illegal activities.

The New Zealand tax system was based on voluntary compliance, with taxpayers encouraged to meet their tax obligations of their own free will, he said.

A key component of that approach was that IRD would identify those who did not comply and, where appropriate, penalise them for not doing so.

''If information that is provided to IRD can be shared with other government enforcement agencies, this could act as a disincentive for taxpayers to provide information to IRD. This runs counter to the objective of encouraging voluntary compliance.''

Given the wide information-gathering powers IRD had, Deloitte was concerned that being able to use the information for a purpose other than administration of the tax system created potential anomalies between various government agencies and their respective information-gathering powers, Mr Truman said.

Labour Party revenue spokesman David Cunliffe said the near-daily revelations of major privacy breaches raised serious questions over plans to radically increase sharing of taxpayers' private information.

''Given the litany of privacy and information security disasters in recent weeks, including three today, New Zealanders will be very concerned about National's plans to pass around their personal tax information.

''It's not like people have faith in IRD. That department breached the privacy of 6300 people in the space of 12 months,'' he said.

Telecommunications Users Association chief executive Paul Brislen said the continuing privacy breaches from government departments came from giving people the tools to do one job then requiring them to use those tools for another purpose.

He advocated the heads of the government agencies starting immediately to audit their processes and procedures. The problem was not software, it was the ''incompetence'' of some of the people using the software.

''It starts at the top. They need to find out who has access to the material and what security is like for those people. This is not an IT problem, it is a procedure problem.''

The solution could be costly, but Mr Brislen said he was not advocating departments hire ''hackers'' to test the systems. Simple measures such as people checking the right documents were being sent to the correct recipients could be introduced immediately.

Another solution was putting information on a secure database to allow people to look at it but not copy it and send it on, he said.

Add a Comment