Thousands of taxpayers have urged HMRC to delete the biometric data it stored during phone calls made to its Voice ID system.
HMRC has gathered millions of callers’ biometric data since launching its Voice ID system in 2017. However, non-profit organisation Big Brother Watch stated that people have been ‘railroaded into a mass ID scheme by the back door’.
HMRC’s Voice ID system allows taxpayers to say a key phrase when calling its helpline, which is used in place of a conventional password in order to grant access to accounts. The Revenue now permits individuals to opt out of using the Voice ID scheme, and delete any data captured. However, millions of Voice ID records have been stored in a third-party database.
Big Brother Watch said that it has reported HMRC to the Information Commissioner’s Office (ICO), on the grounds that it has ‘broken data protection laws’.
Figures show that there are seven million taxpayers currently enrolled in HMRC’s Voice ID database. According to a Freedom of Information request, 162,185 individuals have opted out of the Voice ID scheme and have had their biometric data deleted by HMRC.
A spokesperson for HMRC said: ‘Our Voice ID system is very popular with millions of customers as it gives a quick route to access accounts by phone.
‘All our data is stored securely, and customers can opt out of Voice ID or delete their records any time they want.’
From 9 January 2019, the government’s new ban on pensions cold-calling takes effect.
Making unsolicited calls in regard to pensions is now illegal, and any business found to be breaking the law will face fines of up to £500,000.
Data published by the Money Advice Service recently revealed that as many as eight scam calls are made every second in the UK, totalling 250 million unwelcome calls per year.
Meanwhile, research conducted by the Financial Conduct Authority (FCA) suggested that pension scammers stole an average of £91,000 per victim in 2018.
Commenting on the ban, John Glen, Economic Secretary to the Treasury, said: ‘Pension scammers are the lowest of the low. They rob savers of their hard-earned retirement and devastate lives. We know that cold-calling is the pension scammers’ main tactic, which is why we’ve made them illegal.
‘If you receive an unwanted call from an unknown caller about your pension, get as much information you can and report it to the Information Commissioner’s Office (ICO).’
The ICO website can be accessed here.
A poll commissioned by insurance firm Aon has suggested that UK small and medium-sized enterprises (SMEs) are ‘unmindful of the risks’ that cyber-attacks and data breaches pose to their business.
The poll found that eight out of ten small firms don’t regard cyber-attacks or data breaches to be significant risks to their business.
Earlier this year, a survey carried out by the National Cyber Security Centre (NCSC) revealed that almost half of UK firms fell victim to a cyber-attack or data breach in 2017. 66% of SMEs were affected by a loss of data, according to the survey.
Aon’s poll also revealed that 31% of SMEs don’t currently insure against cyber and data risks. An additional 68% were unaware that data breaches must be reported to the Information Commissioner’s Office (ICO).
Commenting on the poll, Chris Mallett, Broking Manager at Aon, said: ‘What’s more, it revealed one in three don’t see personal information stolen as a result of a cyber-attack or fraud as a data breach.’
‘There is a lot of misunderstanding of risks, and still a worry among SMEs that it must be complicated,’ said Dr Emma Philpott, Founder of the UK Cyber Security Forum.
‘It is not always about high end security. It’s about having the basics in place to protect you from indiscriminate attacks. Educating staff takes time, but doesn’t cost anything at all.’
A survey carried out by the Department for Digital, Culture, Media and Sport (DCMS) has revealed that a significant number of UK businesses have been affected by cyber-attacks and breaches over the past 12 months.
Four in ten of all UK businesses experienced a cyber-attack or breach over the past year, the DCMS found.
The survey revealed that the most common attacks involved the sending of fraudulent emails, and criminals impersonating an organisation online. Malware and viruses also proved to be particularly harmful to UK businesses, the DCMS found.
72% of large businesses were subject to an attack, with the cost of all attacks on such firms over the past year totalling £9,260.
According to the survey, large businesses experience an average of 12 attacks per year, whilst medium-sized firms experience six.
Commenting on the survey, Margot James, Minister for Digital and the Creative Industries, said: ‘We are investing £1.9 billion to protect the nation from cyber threats and I would urge organisations to make the most of free help and guidance available for organisations from the Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC).’
Meanwhile, Ciaran Martin, CEO of the NCSC, stated: ‘Cyber-attacks can inflict serious commercial damage and reputational harm, but most campaigns are not highly sophisticated.
‘Companies can significantly reduce their chances of falling victim by following simple cyber security steps to remove basic weaknesses.’
With less than one month until the introduction of the new General Data Protection Regulation (GDPR), the Federation of Small Businesses (FSB) has warned small and medium-sized enterprises (SMEs) that time is running out for them to prepare.
The business group stated that small businesses face an ‘uphill challenge’ in ensuring that they are compliant by 25 May 2018 – the date from which the new regulation takes effect.
Under the new rules, organisations which collect, store and process individuals’ personal data will be subject to new obligations, with an increased emphasis on accountability and transparency.
The financial penalties for failing to comply are severe, with fines costing up to €20 million or up to 4% of total annual worldwide revenue, whichever is the greater.
The FSB has called on the Information Commissioner’s Office (ICO), the regulatory body that will monitor firms’ compliance, to adopt an ‘understanding approach’ to GDPR enforcement.
‘As the GDPR deadline swiftly approaches, there is a real danger that many small businesses are yet to have adequately prepared for the changes,’ said Mike Cherry, National Chairman of the FSB.
‘Fortunately for these businesses, there is still time on the clock to start, or finish, their preparations.
‘The GDPR is the largest shake-up of data protection laws for years, and whether you are a personal trainer or a consultant, most businesses will have to implement changes to their current practices to make sure they are complying with the new rules.’
Further information on the GDPR can be found on the ICO website.