An "ooops!" By HMRC?

[Spiceskull]

Here is a tricky one...

 

Because of Ginger Spice, Mrs Spice, quite rightly, notified HMRC due to the change in circumstances of our marriage, and in respect of Child Tax Credits/Allowances. She has decided to remain as Ms PreSpice, and therefore her details do not indicate, at first glance, that she is actually Mrs Spice.

 

Today in the post we both received identical paperwork from HMRC, and in respect of Child Tax Credits. My correspondence clearly had all my own relevant details, but it also included Ms PreSpice's address, total earnings for the previous year and National Insurance number. To top it all, they even provided me with Mrs Spice's bank name, account name, sort code and account number.

 

Mrs Spice's correspondence included similar information about me.

 

Now, I accept that there are certain exemptions when people are married, and that the whole communication is in the context of "our" claim for credit, but at no point did I authorise my National Insurance number being passed to a third person, nor any of the other details that could potentially expose me to ID theft and financial mischief.

 

It isn't that we don't share information, but I find this very assumptive of HMRC. After all, my wife is not Mrs Spice on paper, and indeed she or I could be "anyone" - does this represent a serious breach of DPA rules, or are there exceptions in this case?

 

I'm baffled...

[Spiceskull]

I forgot to put the above into context:

• We have a lodger upstairs, who shares the same surname as me, and has occasionally opened my post
  
• Royal Mail admit that (insert figure) percent of letters get lost or are undelivered
  
• Name and address details can be entered incorrectly

All three of the above indicate that there is a very real possibility of my letter being opened by another person, and therefore having access to all that information. Fully preventable security measures against ID Theft/Fraud have not been used.

 

To top all that, the forms were originally sent to Mrs Spice, Mrs Spice filled them in as it was "her" claim, and at no time did I take part in the form filling exercise (other than to give Mrs Spice answers to some of the questions)

 

Four weeks later I receieve a letter containing all that information.

 

My point is this - the letter contained far more information than was necessary, and therefore constituted an unnecessary and preventable security breach. A letter along the lines of:

Dear Mr Spice,

 

Your joint claim has been assessed, and you are entitled to £xx. This will be paid monthly, to Mrs Spice's account, details as provided.

 

If you have any questions please call the number below, quoting your National Insurance number and the above reference number.

There is no potential risk in a letter such as that, provides all the information we could ever need, and gives people like me one less reason for taking umbrage and going off on one...

 

The irony of the situation is not lost on me - a developing relationship with HMRC seems to have grown up in the last few weeks, and this will be my third separate channel of contact with them...

[Bookworm]

but at no point did I authorise my National Insurance number being passed to a third person, nor any of the other details that could potentially expose me to ID theft and financial mischief.

Are you sure that when Mrs Spice advised them of the change of circumstances, she didn't advise them at the same time of what your NINO was? Usually, in pretty much all of their correspondence, they ask for that information. I don't know, obviously, I'm thinking aloud here.

 

Otherwise, what is the conclusion? That Mrs Spice said she is now married to Mr Spice, DOB some-time-before-the-flood, and they went to dig out your records based on that and your address?

 

ID theft, yeah right. At some point, to ensure that the money is going to go to the right place, they have to communicate those details, or you'd hear the howl going up from John O'Groats to Land's End when money goes to other people's accounts that HMRC, "yet again", messed up, failed to exercise basic control, bla-di-bla.

 

Yes, it's unfortunate your upstairs chap has the same name, but unless he also has the same initials/first name, then maybe he can look at the complete name on the letter before opening it?

 

I am no great fan of HMRC, but let's give it a rest for a minute. 8-)

[Spiceskull]

My point is that yes, we give them that information so that they can process all relevant details for the claim. However, as we already know all these details, there is no need to copy them back to us in the letter.

 

Post ending up in the wrong hands is a very real problem, as is lost or mislaid post, and therefore they really only need to communicate back to us the barest details.

 

Bank account details and NI number are not relevant to this communication, at least insofar as they need to print them, as a simple "enquiry" option would ensure that we can verify the details if required...all I am saying is that this was needlessly too much information...and therefore a risk...

 

Let's look at the numbers:

• 8,000,000 children in this country under the age of sixteen, and therefore to be included in child tax credit calculations
  
• Theoretically that means the details of 16,000,000 adults being processed in the same way as ours
  
• Being generous to Royal Mail, and excluding all other factors, 1 in 1,000 of these letters (one tenth of one percent) are opened by the wrong person, whatever the circumstances or intentions...
  
• That means that each year there is the very real potential to compromise the details and status of 16,000 adults
  
• And that is assuming that HMRC has all the correct details, has processed them correctly, and all payments have gone to the intended recipients...

So, my point remains that this is an unnecessary risk, and one that is obviously repeated every year...crikey, that howl just got louder by a factor of ten...

[Spiceskull]

Doh...the potential for mischief is provided with the letter by the inclusion of an "...are these details correct..." form.

 

If no, then you are invited to call the number and "correct" the details. A mischief maker, already in possession of my bank details, would call and "correct" the bank account to one they have prepared earlier...

 

And in possession of the original letter, with all of the contained details, should have no problem passing the security checks...

 

So, the money still going to the wrong person, and also my account being cleaned out by the naughty little rascal...two birds and one stone anyone?