Friday, January 21, 2011

Finance Bill 2011 - impact on Irish data protection and computer crime law

I'm indebted to Rossa McMahon and Daragh O'Brien for pointing out (via Twitter) two interesting provisions in the Finance Bill 2011 (PDF).

Section 71 creates a new revenue offence of possessing or using computer tools for the purpose of evading tax:
71.—Section 1078 of the Principal Act is amended in subsection (2), by inserting the following after paragraph (b): "(ba) knowingly or wilfully possesses or uses, for the purpose of evading tax, a computer programme or electronic component which modifies, corrects, deletes, cancels, conceals or otherwise alters any record stored or preserved by means of any electronic device without preserving the original data and its subsequent modification, correction, cancellation, concealment or alteration,
(bb) provides or makes available, for the purpose of evading tax, a computer programme or electronic component which modifies, corrects, deletes, cancels, conceals or otherwise alters any record stored or preserved by means of any electronic device without preserving the original data and its subsequent modification, correction, cancellation, concealment or alteration,".
This would appear to cover a wide range of software and hardware, including encryption and steganography software and secure deletion tools. (Though not the encryption of the Anglo files, unless it could be shown that those files were encrypted for the purpose of evading tax.)

Section 73, meanwhile, creates what is in effect a parallel data protection system for the Revenue. Although too long to quote in full, an interesting aspect is that it creates a new offence of unauthorised disclosure of information:
(2) All taxpayer information held by the Revenue Commissioners or a Revenue officer is confidential and may only be disclosed in accordance with this section or as is otherwise provided for by any other statutory provision.

(3) Except as authorised by this section, any Revenue officer who knowingly—
(a) provides to any person any taxpayer information,
(b) allows to be provided to any person any taxpayer information,
(c) allows any person to have access to any taxpayer information, or
(d) uses any taxpayer information otherwise than in the course of administering or enforcing the Acts,

shall be guilty of an offence and shall be liable —
(i) on summary conviction to a fine of €3,000, and
(ii) on conviction on indictment to a fine of €10,000.
I wonder whether this amendment may have been prompted by the publicity attached to these recent examples of wrongdoing by Revenue staff.

No comments:

Post a comment