Almost 100 staff at her Majesty’s Revenue and Customs (HMRC) have faced disciplinary action over IT abuse, a freedom of information act (FOI) requested by think tank Parliament Street has revealed.
The FOI found that 92 employees were investigated and disciplined for their behaviour over the past two financial years.
Email misuse was the most prevalent misbehaviour, with 11 employees given a written warning in fiscal 2019, which ended in March this year, compared to 15 employees in the prior year. Typically, those who were punished were often repeat offenders who had already received a final written warning for computer misuse, according to the think tank.
It was also revealed that, in the most recent fiscal year, nine staff members were taken to task over misuse of social media, including Facebook and Instagram – in the previous 12 months there had been no cases.
- Scottish Biotech Firm Secures £2m to Pioneer Blood Disease Treatment
- Scotland’s Technology Sector Contributes £4.9bn to the Economy
- New AI Tool to be Used by NHS Quickly Detects Heart Disease
Over 24 months, 13 were punished for misuse of telecommunications while 19 were penalised for wider misuse of computer or HMRC systems, of which eight were fired – the only instance of terminations over the period.
Compared to HMRC’s total number of full-time staff, 58,700, the number of those caught out is relatively small. However, it does raise concern of the possible misuse of HMRC’s systems, which could pose a serious threat.
“Tackling employee misuse of IT systems should be a top priority for all public sector organisations, particularly those which handle the financial data of millions of people,” claimed Christy Wyatt, CEO at Absolute Software.
“This kind of activity often involved individuals abusing access to personal information and in some cases sharing it, leading to a potential data breach.”
The UK tax collector has previously been taken to task over its poor data protection practices. In May, the information commissioner’s office (ICO) issued HMRC an enforcement notice after it broke the law over its collection of biometric data from taxpayers.