× Search rightsnet
Search options

Where

Benefit

Jurisdiction

Jurisdiction

From

to

Forum Home  →  Discussion  →  Housing costs  →  Thread

New HB urgent buletin update UI/2019 on access to information

Daimo65
forum member

Welfare Rights Southway Housing Trust

Send message

Total Posts: 17

Joined: 29 May 2015

Having read this several times I thought I would put it out there for knowledge and opinion.

I must admit to finding to of the little nuance’s somewhat worrying, as for collecting evidence in an appeal, be it by an adviser or by the individual themselves.  However I could be being some what paranoid. Below is the bulletin for view.

Who should read

All Housing Benefit (HB) debt recovery staff

Action

For information and action, where required

Background

1. In the course of our ongoing work to support local authorities (LAs) operating the Housing Benefit Debt Service (HBDS), HM Revenue & Customs (HMRC) identified a data security breach.

2. Specifically, an individual LA debt recovery staff member shared the HBDS data about a claimant directly with that same claimant. This was done with good intentions but ultimately led to the temporary suspension of the data share from HMRC to the Department for Work and Pensions (DWP).

3. This bulletin sets out to remind all HB debt recovery staff about their responsibilities in relation to data security and any remedial action their managers may need to take.

General data security responsibilities

4. To access and receive data in relation to HB administration, including debt recovery, all LAs must sign up to a memorandum of understanding (MoU) with DWP which is renewed each year.

5. The MoU sets out the responsibilities of both LA staff members and authorities as a whole in relation to every aspect of the security of the data we share with them. DWP reserves the right to suspend or cancel access to shared data should LAs not meet the requirements set out in the MoU or, if a serious breach was to occur, without taking remedial action.

Specific data security principles in relation to the HBDS

6. For the HBDS, the data DWP share with LAs is actually an onward share of HMRC data, which they have shared with DWP. This data share is covered by DWP’s MoU with LAs, and DWP also has signed a separate MoU with HMRC.

7. Both MoUs are explicit about the requirement of LAs (and individual LA staff members) not to onward share any data with any other individual or organisation, without the explicit permission of the data owner. So, in the case of the HBDS, the data owner is HMRC.

8. With regard to the data security breach in question, the LA member of staff believed it was okay to share an individual’s own HMRC earnings data with that individual, subject to identity checks. However, HMRC’s rules clearly count this as a breach of security.

9. There should be no routine reason for individuals to see proof, or require proof, of the earnings data LAs have received. Should an unusual circumstance lead to an LA’s need to demonstrate proof, for example in the case of a complaint, then it is vital for the LA to seek HMRC’s permission to do so. In such circumstances LAs should email .(JavaScript must be enabled to view this email address)

10. LAs should also be reminded, in this same context, that paragraph 4.2 of the Frequently Asked Questions for HBDS states that if a debtor asks where the data has come from, then they should be advised it has come from DWP. Similarly, if LAs receive Freedom of Information requests in relation to the release of HBDS data, they should be forwarded to DWP.

Timothy Seaside
forum member

Housing services - Arun District Council

Send message

Total Posts: 539

Joined: 20 September 2018

Two things strike me about this:-
1. It only relates to information being accessed by Housing Benefit debt recovery teams. So it’s about debt recovery, NOT benefit decisions. In that respect, it doesn’t appear to have any relevance to appeals, etc.
2. Even so, I can’t see how it can be lawful for a data controller to refuse to share a subject’s data with the subject. Debt recovery teams must be data controllers (rather than processors). Even if they are joint controllers, they are still liable for compliance with the data protection principles - so how could they fail to comply with a data access request (which, under the new DPA, can be made verbally, and does not require a fee)?

This smacks of an arrogant and ignorant attitude to people’s personal data. HMRC is referred to as the “data owner” in this bulletin - which suggests they feel they have some proprietary rights over the subjects’ data. Your earnings data is your own; HMRC collect it, and control it, but they do not own it.

HB Anorak
forum member

Benefits consultant/trainer - hbanorak.co.uk, East London

Send message

Total Posts: 2895

Joined: 12 March 2013

I’m pretty sure it’s not you being paranoid, it’s DWP and HMRC.  What possible objection could there be in principle to someone seeing details of their own earnings?  What are they going to do, complain to the ICO because someone showed them their own data? Ridiculous over-caution.  But DWP and HMRC make the rules so if LAs want the data they have to abide by the rules.

However, I don’t think it will impact on appeals because this issue concerns data used in the process of recovering an overpayment, after it has been established that the overpayment is recoverable.  Local authorities have the power to get direct deductions from earnings without a court order and I think the bulletin is referring to that process.

At the decision making stage and during any subsequent appeal where the Council has relied on HMRC earnings data through the separate “VEP” facility, evidence relied on should be included in the papers.  As I understand it VEP is subject to an entirely different data sharing protocol applying to a different cohort of earners.

It would be truly ridiculous to be in a position where you are not allowed to include the evidence you have relied on in an appeal submission - you would be laughed out of the Tribunal.  But fortunately I don’t think that the bulletin is referring to data used in decision making.

Daimo65
forum member

Welfare Rights Southway Housing Trust

Send message

Total Posts: 17

Joined: 29 May 2015

I can see where you are both coming from on the Appeal angle. My concern is the weird and wonderful interpretations we face when DWP or HMRC issue edicts to LA’s, a bit similar to UC interpretations of migrations etc.

I agree totally that it does show sheer arrogance of law, which sadly is now becoming the norm in many aspects of WFR.

Mike Hughes
forum member

Senior welfare rights officer - Salford City Council Welfare Rights Service

Send message

Total Posts: 3138

Joined: 17 June 2010

Slightly OT but GDPR is being held up elsewhere as a step in the right direction. Here’s an interesting little article about the idea that thinking about data ownership is out of date and unhelpful.

https://www.technologyreview.com/s/612588/its-time-for-a-bill-of-data-rights/