We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
HMRC have emailed me another persons tax/NI complaint response - what should I do!
"We normally aim to respond to complaints in 15 working days.
HMRC takes the security of personal information very seriously.
I will be very careful about the information I send to you via email, for example by only quoting part of any unique reference numbers. I will also never include some information such as bank account details."
Yesterday I received an email from them regarding somebody elses compaint with their name, info on the complaint and a resolution including an 18 digit code to pay HMRC with.
I now also wonder who (if anyone) has my complaint resolution? Is this a breach of GDPR?
Any advise from the sages on here about how I should deal with this?
Thanks,
Sky.
Comments
-
Yes, it's a breach of GDPR for them to send personal data to the wrong recipient, so you could report it to the ICO if you felt it worthwhile to do so - it won't actually achieve anything though!1
-
It's a breach of GDPR but doesn't seem to include any information you could use fraudulently - and simply disclosing a name is hardly going to enable you to identify the individual concerned.skycatcher said:A week ago I raised a formal online complaint to HMRC regarding a long running issue with a NI payment. I got a reponse from them by email saying (and I quote)"We normally aim to respond to complaints in 15 working days.
HMRC takes the security of personal information very seriously.
I will be very careful about the information I send to you via email, for example by only quoting part of any unique reference numbers. I will also never include some information such as bank account details."
Yesterday I received an email from them regarding somebody elses compaint with their name, info on the complaint and a resolution including an 18 digit code to pay HMRC with.
I now also wonder who (if anyone) has my complaint resolution? Is this a breach of GDPR?
Any advise from the sages on here about how I should deal with this?
Thanks,
Sky.
Go back to HMRC and point out their error and ask what's happening to your complaint.Googling on your question might have been both quicker and easier, if you're only after simple facts rather than opinions!0 -
I concur....I don't need the hastle - just want my issue sorted!0
-
That very much depends on the name. My first and last name are shared by just 2 people in the UK (me included). Add in a middle name or initial and you have just found 1 in 67 million!Marcon said:simply disclosing a name is hardly going to enable you to identify the individual concerned.1 -
So the chances of it being you are very slim!tizerbelle said:
That very much depends on the name. My first and last name are shared by just 2 people in the UK (me included). Add in a middle name or initial and you have just found 1 in 67 million!Marcon said:simply disclosing a name is hardly going to enable you to identify the individual concerned.Googling on your question might have been both quicker and easier, if you're only after simple facts rather than opinions!1 -
My complaint (about voluntary NI paid but not showing on my NI record) took about a month from the acknowledgement email to the resolution email.1
-
Technically arguably whether ICO would consider it a breach or not. Ultimately it's HMRC's obligation to determine whether it's a reportable breach or not. You going to ICO is not likely to result in any benefit to you.
Suggest you inform HMRC of their mistake and offer to delete the email. You may want to include advice.dpa@hmrc.gov.uk.1 -
I don't think there's any argument that it clearly is a breach, but it's very much at the least significant end of the severity scale, so there's little prospect of any meaningful action as a result of reporting it.gravel_2 said:Technically arguably whether ICO would consider it a breach or not. Ultimately it's HMRC's obligation to determine whether it's a reportable breach or not. You going to ICO is not likely to result in any benefit to you.
You're right that data processing organisations do have responsibilities to notify ICO of breaches they're aware of, especially significant ones, but that doesn't prevent others from doing so, i.e. OP is able to report it regardless of what HMRC chooses to do.
However, I think we all agree that it's not likely to be particularly productive to report it!0
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353K Banking & Borrowing
- 253.9K Reduce Debt & Boost Income
- 454.8K Spending & Discounts
- 246.1K Work, Benefits & Business
- 602.2K Mortgages, Homes & Bills
- 177.8K Life & Family
- 260K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards