The Federal Board of Revenue has decided to place new safeguards in the database of taxpayers to ensure security of sensitive, confidential and classified data by enhancing existing security features in the electronic systems maintained by FBR.
Sources told Business Recorder here on Sunday that the FBR has taken the decision at the level of the last Board-in-Council meeting chaired by FBR Chairman Tariq Bajwa. Board-in-Council discussed the issue of security of data and taken measures to improve security features. During the meeting, Safdar Hussain, FBR Member (Legal) drew attention towards the findings of former Federal tax Ombudsman (FTO) Dr Shoaib Suddle regarding concerns about vulnerability of the security of data with Pral. The Board-in-Council directed Pakistan Revenue Automation Limited (Pral) to look into any loopholes in the existing security system and also to enhance the existing security features so that sensitive data was not compromised.
Sources further said that the serious matter of insecure classified and confidential data of taxpayers has been taken up by the former FTO Dr Shoaib Suddle during his tenure on a complaint filed by a Lahore-based tax lawyer Waheed Shahzad Butt vide C.No 20/ISD/FBR(1)/507/2013.
The FTO has observed that the FBR appears to have badly failed to devise a secure automated online system to safeguard confidential and classified data of taxpayers. The FBR had been directed to commission a thorough investigation by a credible third party in relation to the vulnerabilities of the FBR e-system.
In order to highlight the easy access to the taxpayers' classified/confidential data, the complainant in that case filed the withholding tax statements of government departments successfully and filed these documents to the FTO office in his complaint as proof. He filed the WHT statements of ECP, Federal Public Service Commission, Cabinet Division, and FTO office. The complainant has alleged maladministration on the part of the FBR involving negligence and incompetence in ensuring security/safety of taxpayers' confidential and classified data. The complainant practically demonstrated how easy it was to have unauthorised access to confidential data of any taxpayer. It was also demonstrated that it was not necessary to use the mobile number of the taxpayer to break into the system. Any mobile number could be used to show a taxpayer as a client. Also, the data of a taxpayer could be manipulated without his permission, consent and knowledge.
The complainant further added that for adding a taxpayer as a client, it was necessary to attach an authority letter from him, which was not being followed by Pral. A taxpayer having NTN certificate and e-enrolment is required to confirm through his mobile number his e-mail address which is already available with Pral. Only after checking his email Pral is supposed to send activation code only to the taxpayer's number.
The FBR appears to have badly failed to devise a secure automated online system to safeguard confidential and classified data of taxpayers. Gross negligence and incompetence together with possibility of collusion of Pral employees with criminal elements could not be ruled out. All this is reflective of maladministration as defined in Section 2(3) of the FTO Ordinance 2000, FTO Order said.
The FTO order further suggested FBR to take immediate remedial steps to ensure fool proof security of taxpayers'' data; create a system where addition of a client of EI is predicated on verification by the Commissioner concerned. The system must not issue the activation code without the electronic approval by the Commissioner; ensure that annual withholding statements and withholding certificates etc generated through the FBR's web portal do not end up in fraudulent criminal hands; commission a thorough investigation by a credible third party in relation to the vulnerabilities of the FBR e-system, the FTO order added.
Comments
Comments are closed.