Taxpayers personal data (FOI)
Taxpayers personal data (FOI)Produced by the Freedom of Information office
Authored by States of Jersey and published on 08 February 2017.
Does the Income Tax department send personal taxpayer data to local or non-local non-governmental bodies of any kind in electronic format?
If the answer to the above is 'yes' then:
- for what purpose is that data sent
- is data for all taxpayers sent
- how is the data transmitted
- what precautions are taken to ensure the security of the data
- what due diligence is undertaken to ensure that the third parties handling the data have adequate systems and controls in place to ensure the security of the data
- what controls are in place to ensure that the data is permanently deleted by the third parties once it is no longer required
Yes. Where taxpayers are represented by a tax agent (such as an accountancy firm or lawyer), some individual data will occasionally be transferred by electronic means. The data that is sent is transmitted in a robust and secure manner which includes the use of encryption technology.
Additionally the Taxes Office has one contract with a Jersey based printer to print and post the annual tax return for personal taxpayers. Around 50,000 tax-return forms are printed each year for personal taxpayers.
That printing process involves the ‘pre-population’ of each tax return with the taxpayer’s name, postal address and a tax reference number. This is sub-contracted by the Jersey printer to a UK based printer.
The Taxes Office supplies its printers with names, addresses and tax reference numbers for 50,000 or so personal taxpayers. This data is sent to the printer in a robust and secure manner which includes the use of encryption technology.
The printers work to the international security standard known as “ISO 27001” which is a comprehensive set of protocols and techniques for providing good information management security. Holders of the standard are subject to internal and (annual) external audit in order to retain certification with regard to ISO 27001.
The Taxes Office contract with the printers includes the obligation on the printers to destroy data immediately after satisfactory completion of printing. The Comptroller of Taxes has already received confirmation of the destruction of data used to populate the tax returns which were posted over the last few weeks.
The printers were externally audited in the middle of January 2017 and successfully re-certified.
The Taxes Office awarded this printing contract in full compliance with the States of Jersey’s procurement rules which also follow international best practice. As a further security measure, for the last two years, returns have been introduced into the postal system direct from the printer’s secure premises which reduces the risk of a bulk loss of personal data.