The Revenue has long maintained that no sensitive personal data should be allowed outside the UK. Now there are signs on its Web site that it is moving towards a relaxation of that policy.
The Data Protection Act 1998 states that "personal data shall not be transferred to a country or territory outside the European Economic Area", though this principle is open to exemptions and interpretations in certain cases. It is to these exemptions and interpretations that the Revenue would need to look if it wished to enter into a contract that sees records outsourced to other continents.
In other words, the Government may countenance operating on the margins of UK legislation, bending UK data protection principles in order to process sensitive data more cheaply.
What if IT workers in another country pass on data for gain?
Currently, anyone leaking or selling on sensitive revenue information would be subject to criminal proceedings under UK law. But no such legislation may apply overseas. The Revenue denies that anything other than development work could be sent abroad. However, it admits on its Web site that "all current arrangements are being reviewed".
Should live tax records go abroad, the Revenue will have set a worrying precedent. What data will follow them across the globe - health data? Criminal records? Whatever their nature, they would never be as secure as they are today.
This was first published in April 2002