Tax agency reveals pilot programme and agreement with Home Office that enables border records to be used with the aim of helping to detect claimants that have left the UK
HM Revenue and Customs has shed light on a data-sharing programme intended to help catch ineligible recipients of Child Benefit by using Home Office information on UK border entries and exits.
The agreement was put in place last year to support a pilot exercise to explore whether the use this data could address “a specific risk entitled ‘customer abroad’, [which] relates to customers who leave the UK permanently or for prolonged periods of time without notification to HMRC… [which] results in benefits being paid incorrectly and accrues losses to the Exchequer”.
These losses typically add up to between £10m and £30m each year, according to a newly published transparency release posted on GOV.UK.
The document reveals that the trial was based on 200,000 Child Benefit recipients, equating to 2.5% of the overall total, being randomly selected from HMRC’s systems. Records for these people – including name, address, date of birth, and National Insurance number – was supplied to the Home Office via HMRC’s Secure Data Exchange System (SDES) platform.
The Home Office then took steps to “match this information against their arrivals and exits data to establish those customers who have left the UK without return within a specific period”.
Following this matching process, the HMRC is then provided with any details of when the benefit recipient left the UK, their initial destination and, where available, details of anyone that accompanied them on this trip. Data is returned vias SDES.
This matched data is then used by HMRC “to initiate enquiries [to] substantiate the identified risk” of possible fraud or ineligible receipt of benefits.
In the transparency publication, HMRC notes that tackling fraud and loss in Child Benefit is made more difficult by the fact that “unlike other benefit regimes, [we] may have very little contact with the customer… [we] could receive a claim for a new-born and the next contact with the customer could be at the child’s 16th birthday”.
Related content
- HMRC records 60% rise in serious personal data incidents in FY24
- EXCL: HMRC looks to improve intel with ‘tuning’ of 55 billion item compliance database
- HMRC consults on legal changes to collect more data from firms
HMRC indicated to PublicTechnology that it has not yet determined whether or not to deploy the data-sharing regime more broadly, and will first review the impact of the trial exercise.
A departmental spokesperson said: “We encourage Child Benefit claimants to notify us of any changes to their circumstances that could affect their claim. We believe this pilot will help us save taxpayers’ money by reducing error and fraud. However, we will assess its effectiveness before taking any long-term decisions.”
Security set-up
The transparency report sets out the data security measures undertaken by each department, including a commitment from HMRC that it will “only use it for the purposes that it has been disclosed for and ensure that only those with a genuine business need (linked to purpose) to see the information will have access to it”.
Both departments state that they will “not onwardly disclose the information without the prior authorisation of [the other] – other than what is provided for in section 56 of the Digital Economy Act”.
The tax agency will “store all data… on a non-networked system with restricted access to members of the Benefits and Credits analytics team”. Information will be retained only “for the time it is needed” before HMRC endeavours to “destroy it securely”
For its part, the Home Office pledges to “ensure effective measures are in place to protect personal data in their care and manage potential or actual incidents of loss of the personal data”.
These measures will include a commitment that “personal data should not be transferred or stored on any type of portable device unless absolutely necessary and, if so, it must be encrypted to the FIPS 140-2 standard and protected with a strong password”.
Employees provided with access to the information will be limited to “personnel from the Home Office Data Services and Analytics team who have the appropriate security clearance to handle the data… and have a genuine business need to access the data”.
All staff taking part in the exercise will be “adequately trained and are aware of their responsibilities” as per data-protection law and the terms of the cross-departmental agreement.
Both HMRC and the Home Office indicate that they will comply with the requirements of the Government Security Policy guidelines.
Further to what is outline in the transparency document, PublicTechnology understands that HMRC does not intend to deploy any form of automated decision-making in determining potential ineligible claims – and that staff will not assume a claim is fraudulent based purely on the Home Office intel.