Data Protection Act breach

**Wibble1** · 29 January 2016, 14:32

Originally posted by Jonathan99 View Post

Hi all

I used a DOTAS scheme for four years and I’ve just started receiving APNs. For one of the APNs I could not reconcile the data at all. Then I noticed that the backup calculation was for a different person altogether! So now I have someone else’s backup calculation of their APN and presumably my backup has been sent to that person or elsewhere.

This seems to me to be a serious breach because:
a) I now hold someone else’s personal data including salary, their UTR, and I know that they used a DOTAS scheme.
b) Someone presumably now has my data. I don’t know who holds that data and I imagine HMRC would not be able to tell me definitely.
c) The person who holds my data knows my salary, UTR etc.
d) The information is highly confidential information. And it is no longer secure.

My question is, does this amount to a breach of the Data Protection Act and/or other legislation? And, if so, is this breach serious enough that I can request HMRC to bring their review to a close and issue Closure Notices for all years under review?

I welcome all advice.

Kind regards
Jon

Blimey. What a mess. If this did result in reviews being closed lets start swapping letters with each other an claim the same issue of being sent other peoples details in error. Nothing else seems to be working.

**DaveB** · 29 January 2016, 14:45

Originally posted by Jonathan99 View Post

Hi all

I used a DOTAS scheme for four years and I’ve just started receiving APNs. For one of the APNs I could not reconcile the data at all. Then I noticed that the backup calculation was for a different person altogether! So now I have someone else’s backup calculation of their APN and presumably my backup has been sent to that person or elsewhere.

This seems to me to be a serious breach because:
a) I now hold someone else’s personal data including salary, their UTR, and I know that they used a DOTAS scheme.
b) Someone presumably now has my data. I don’t know who holds that data and I imagine HMRC would not be able to tell me definitely.
c) The person who holds my data knows my salary, UTR etc.
d) The information is highly confidential information. And it is no longer secure.

My question is, does this amount to a breach of the Data Protection Act and/or other legislation? And, if so, is this breach serious enough that I can request HMRC to bring their review to a close and issue Closure Notices for all years under review?

I welcome all advice.

Kind regards
Jon

No idea about getting the review closed, but your first port of call re the privacy issues should be the ICO. They have a very useful help line you can call. 0303 123 1113.

You can also register concerns online :

https://ico.org.uk/concerns/handling/

However they will expect you to have notified the organisation concerned and given them a chance to sort it out. Template letter and guidance here:

https://ico.org.uk/for-the-public/raising-concerns/

**fullyautomatix** · 30 January 2016, 06:41

I am fairly sure the judge and jury will have a sustained laugh when you argue that a data breach is enough to cancel all your dodgy tax schemes.

Data Protection Act breach