Chief Executive Pakistan Revenue Automation Limited (PRAL) has submitted a report to the Federal Tax Ombudsman (FTO) to ensure confidentiality of the taxpayers returns data for which a new password policy and restricting User Login to a specific IP have been initiated to be implemented by the end of August 2016.
It is learnt that a key recommendation by the FTO is pending implementation despite dismissal of FBR''s representation by the President of Pakistan, on the issue of taxpayers'''' confidential data theft, which shall now be investigated by Federal Investigation Agency (FIA), involving FBR/PRAL officials who illegally accessed confidential data pertaining to taxpayers'' assessment.
When contacted tax lawyer Waheed Shahzad Butt, Advocate who represented this case before the FTO and President told this correspondent that in this landmark order FTO holds that any person who, in contravention of Section 216 of Income Tax Ordinance, 2001 discloses any particulars of taxpayer''s assessment record is guilty of an offence which is punishable, on conviction, with fine &/or imprisonment.
Earlier, President while rejecting the representation filed by FBR has validated the order passed by FTO wherein a landmark case of unique nature was decided by FTO Abdur Rauf Chaudhry. Resultantly, a unique case of data theft will be investigated by Cyber Crimes Wing of the FIA and FBR, involving tax officers, who illegally accessed confidential taxpayers'' assessment record.
Taking serious notice of the situation, FTO Abdur Rauf directed the FBR to conduct enquiry to determine how and why complainant''s assessment record was accessed by a number of FBR officials when they were not charged with conducting any enquiry involving him in any manner, nor were they involved in assessment of his income for any tax period.
The FBR should devise a foolproof SOP in consultation with the National Response Centre for Cyber Crimes wing of FIA to protect the confidential data of taxpayers. The FBR should also enforce strict confidentiality of passwords assigned to field officers for purposes of accessing taxpayer''s electronic record: FTO order added.
Chief Executive PRAL''s report stated, "All systems developed by PRAL/FBR enforce encrypted password as per international standards. Complete Log of IP-Address and time stamp etc is recorded for Audit trial. Through portal, all FBR user have been intimated to keep password confidential and change periodically at least once in 3 months.
Compliance of Honourable FTO, password policy and restricting User login to a specific IP have also been initiated. Both features will be implemented by the end of August 2016. Roles/privileges assigned to all user are defined by FBR which restricts users to access relevant data only, the CEO PRAL stated.