Fifty employees at HM Revenue and Customs lost their jobs during the past year after violating data protection regulations by accessing taxpayer information without authorisation.
The dismissals formed part of wider disciplinary action against 96 staff members for data security violations in 2024-25.
The tax authority confirmed that several dismissals resulted from staff members improperly viewing confidential taxpayer records.
HMRC maintains extensive sensitive information including home addresses, earnings data and National Insurance numbers for millions of citizens.
Employees face strict prohibitions against accessing such details unless required for legitimate work purposes.
Nevertheless, multiple workers have been discovered using the organisation’s computer systems to view accounts without proper authorisation.
LATEST DEVELOPMENTS:
The tax authority confirmed that several dismissals resulted from staff members improperly viewing confidential taxpayer records
|
GETTYThe disciplinary figures represent fewer than 0.1 per cent of HMRC’s workforce of nearly 68,000, though violations have decreased from the previous year when 138 workers faced sanctions and 68 lost their positions.
Security violations extend beyond unauthorised record searches to include making unapproved alterations to files, misplacing confidential materials and improperly disposing of unprotected equipment.
Court records detail one 2023 case where a tax office employee conducting a business compliance visit transmitted a PDF to his personal email containing 100 individuals’ earnings and National Insurance details.
He subsequently printed the document using his home computer.
The disciplinary figures represent fewer than 0.1 per cent of HMRC’s workforce of nearly 68,000
|
GETTYAnalytics teams monitoring data violations flagged the incident to management, leading to a gross misconduct investigation and termination.
The employee challenged his dismissal at an employment tribunal, claiming anxiety had impaired his judgement, but the tribunal rejected his wrongful dismissal claim.
Remote working arrangements introduced during the pandemic have contributed to increased data security incidents, according to internal HMRC communications cited in tribunal proceedings.
A manager’s email reminded staff: “There have been more incidents of this recently as we are working from home a lot more since Covid, but never send anything to your own private email address to print off that contains any personal or business data.”
HMRC fires 50 workers for spying on taxpayers
|
PAFormer HMRC inspector Ronnie Pannu, now with advisory firm Pannu Tanu, confirmed: “When I was in HMRC, there was always a strong message from above that viewing a taxpayer’s records where this was not necessary for a particular purpose was a serious issue which could have serious consequences for the individual concerned.”
John Hood from accountancy firm Moore Kingston Smith said: “Any HMRC employee foolish enough to look up personal information that is not part of their usual responsibilities faces a ticking time bomb as most searches are tracked.”
A spokesman for HMRC said: “Instances of improper access are extremely rare, and we take firm action when it does happen, helping prevent a recurrence.
“We take the security of customers’ data extremely seriously and we have robust systems to ensure staff only access records when there is a legitimate business need.”
