![]() House of Commons |
Session 2007 - 08 Publications on the internet General Committee Debates Pensions |
Pensions Bill |
The Committee consisted of the following Members:Mark Hutton, Committee
Clerk attended the
Committee Public Bill CommitteeThursday 31 January 2008(Morning)[Janet Anderson in the Chair]Pensions BillFurther written evidence to be reported to the HousePE 21 Pensions Action
Group PE 22 Dave
Baker PE 23
Which? PE 23A
Which? PE 23B
Which? PE 23C
Which?
Clause 42Disclosure
of information by Revenue and
Customs 9.30
am Question
proposed, That the clause stand part of the
Bill.
The
Chairman: With this it will be convenient to discuss
Government new clause 14Disclosure of tax information
etc.
The
Minister for Pensions Reform (Mr. Mike
O'Brien): I welcome you, Mrs. Anderson, and all
members of the Committee back to our consideration of the
Bill. I
will urge that clause 42 does not stand part of the Bill on the basis
that we intend to replace it with new clause 14. Clause 42 allows Her
Majestys Revenue and Customs to share information with the
Pensions Regulator to enable the regulator to perform its compliance
activities. That data sharing is crucial in making sure that employers
comply with the new duties created in the Bill. It is vital that the
Pensions Regulator is aware of all employers who should register and
how to contact them, if required. HMRC is the best source of this
information because of its pay-as-you-earn activities. Clause 42 also
allows HMRC to share information about non-compliance that it has
collected through tax and minimum wage activities. This will help the
Pensions Regulator to identify which employers are more likely not to
comply with their duties.
However, the
Government recognise that clause 42 has room for even tighter
safeguards. In particular, under the clause, it would be possible for
the regulator, or its agents or contractors, to disclose onwardly
information received by them from HMRC without being in breach of the
law. We have therefore tabled new clause 14 to replace clause 42 and
address its deficiencies.
New clause 14 would make it
even clearer that while the Pensions Regulator can make full use of
transferred
HMRC data for its internal functions, the onward disclosure of that data
by the regulator would be prohibited in all but a defined set of five
specified circumstances: first, when HMRCs authorisation for
onward disclosure has been obtained; secondly, when the data are needed
for any criminal proceedings; thirdly, when the regulator is involved
in proceedings, including civil proceedings, under its existing and new
powers; fourthly, when the disclosure enables or assists the Pensions
Regulator to carry out its functions; and, fifthly, when the data have
been anonymised.
New clause 14
would also streamline legislation providing for data sharing between
the two bodies. HMRC already shares information with the Pensions
Regulator to assist with the regulators existing functions.
However, a single gateway for data flow from HMRC to the Pensions
Regulator would be both more transparent and more elegant than adding
multiple patches to the old gateway set out in the Pensions Act 2004.
New clause 14 would replace the existing gateway between HMRC and the
regulator with one that would allow the flow of data for the
regulators old and new functions. There would thus not be the
difficulty of having information flowing from HMRC to the regulator
through one of two separate gatewaysthere will be just
one. Furthermore, the
new combined gateway will improve the regulators ability to
carry out its existing functions, making clearer the ways in which it
can and cannot onwardly disclose data received from HMRC. I am sure we
will have a little fun on datano doubt we can look forward to
thatbut the new clause is the result of our looking very
carefully at the wording of the old clause 42 and taking a view that we
could tighten it up to ensure that things were clearer. I hope that the
Committee will be able to support the removal of clause 42 and, in due
course, the insertion of new clause
14. Andrew
Selous (South-West Bedfordshire) (Con): May I also welcome
you back to the Chair, Mrs.
Anderson? Conservative
Members called for proper sharing of information between the regulator
and HMRC in earlier debates because we wanted it to be as easy as
possible for employers to provide the required information to the
authorities. We thus completely support the principle of new clause 14
and understand the reasons why the Minister wants to delete existing
clause 42. He is right, however, that I will ask him about security, in
particular with regard to data-sharing. Will there be secure
transmission? Will the data be encrypted when they are passed from one
organisation to another? This is extremely personal and private
information about how much people have paid, how long they have worked
somewhere, when they started, their home address, and so on. In the
light of recent events, we seek as much reassurance as possible from
the
Minister. Mr.
Nigel Waterson (Eastbourne) (Con): I am following my hon.
Friends argument intently. Did he see, as I did the other day,
that the Ministry of Defence is apparently banning its staff from
removing laptops from the building? That defeats the object of having a
laptop, to an extent, but does he think that there should be a similar
rule for these data?
Andrew
Selous: My hon. Friend is absolutely right that laptops
are extremely vulnerable. They can be left on trains and they can be
stolen from cars, which has happened quite a lot recently. That is
exactly the sort of practical detail relating to the passing on of
these data on which it would be good to have reassurance from the
Minister. The data would include the pay details of up to 7 million of
our fellow citizens. Were something to go wrong, it would be on the
scale of the child benefit data loss earlier in the year. The Committee
is owed a full and detailed explanation of how the security will be
planned, so I look forward to the Ministers
response. Danny
Alexander (Inverness, Nairn, Badenoch and Strathspey)
(LD): It is a pleasure to welcome you back to the Chair and to
serve under your chairmanship, Mrs.
Anderson. Having
head the Minister, it is clear that new clause 14 is a significant
improvement on clause 42, so we endorse his plan to substitute clause
42 with that new clause. It is clear that the motivation behind that is
to ensure that there are appropriate safeguards for how the Pensions
Regulator can make onward use of the information, which makes a lot of
sense. The five reasons why the Pensions Regulator may distribute
information onwards also make sense and fit with the proper discharge
of its functions in the context of the
Bill. It
would be useful to hear more from the Minister on the point that the
hon. Member for South-West Bedfordshire mentioned about the safeguards
for the practical transfer of data. This is not a question of having
fun. I think that over the past two or three months, not just HMRC, but
other Government organisations, have lost 33 million pieces of data,
sometimes in small numbers and sometimes in large numbers. It is not
just central Government, because the Scottish Government have had
similar failings, so there is clearly a problem with those processes
across
Governments. Will
the Minister tell the Committeeit go on record in case the
issue ever has to be considered againwhat importance he
attaches to safe and secure procedures? For example, does he envisage
that the data would need to be encrypted before transfer to the
Pensions Regulator? The procedure of CDs changing hands through the
post with alarming frequency has been criticised several times, not
least in the Governments own review of the matter. Does the
Minister set the highest store by ensuring that the procedures are as
secure as possible? While the scale of potential data loss might not be
as large as in previous cases, the loss of even one piece of datum is
none the less one piece too many. Can the Minister give the Committee
further reassurance on the practicalities behind the new clause so that
it may be
welcomed?
Mr.
O'Brien: First, it is vital to ensure that data are
transferred safely and securely. That is even more the case in the
light of security breaches in recent months at HMRC and elsewhere.
However, let me put the sort of data we will need in context. We will
need the names and contact details of employers, the numbers of
employees working for those employers and the numbers of people in
pension schemes. We might need the names and national insurance numbers
of those employees, but that would probably not be necessary in the
vast majority of cases, and perhaps only when the
regulator was carrying out a more detailed investigation. Therefore, the
data being transferred will contain somewhat limited
details. It is still
important, however, that the procedures for data transfer covered by
the Bill are carefully developed and agreed in the coming years so that
we can ensure that this is done properly. Those procedures will be
informed by the outcome of various reviews that the Prime Minister
commissioned following the HMRC data handling issues. We want to ensure
that there is good data safety in government and that the framework of
the Data Protection Act 1998 works. However, it is important that the
legislation is sufficiently flexible to allow operational procedures to
be refined in the light of reviews and best practice that are
applicable to both HMRC and the
regulator. At present,
the regulators procedures include electronic transfer, when
possible, and encryption, when disk transfer is used. HMRCs
procedures already involve measures such as the monitoring and logging
of access and the protection of physical transported media.
HMRCs procedures have been newly strengthened to include using
automated electronic transfer whenever possible, encryption when
physical transfer is needed, and approval of any significant bulk
transfers from a senior member of
staff. In addition,
the Data Protection Act sets out the framework enforced by the
Information Commissioner and the courts, and continues unaffected by
the Bill. Therefore, there are new procedures coming into effect to
deal with this issue of data transfer. Current reviews have identified
changes that need to be made, and we have four years to ensure that
they are put in place. Any subsequent reviews that occur during the
coming years will also be able to identify and set out any further
changes that might be needed. We have the time to put those in
place. I can give a
lot of reassurance on transferring data because of the long lead-in
time. Current procedures will be applied, and any further new
procedures that enable us better to secure the transfer of data can be
put into place in the run-up to 2012. With those reassurances, I hope
that hon. Members will be able to approve the changes that I have
suggested. Question
put and
negatived. Clause
42 disagreed
to.
Clause 43Information
for private pensions policy and retirement
planning
Mr.
O'Brien: I beg to move amendment No. 152, in
clause 43, page 19, line 21, leave
out from first planning to end of line 22 and
insert and the Northern Ireland
Department have the same meaning as in paragraph
2..
Mr.
O'Brien: Clause 43 allows the Pensions Regulator to share
the information that it collects with the Department for Work and
Pensions and its Northern Ireland equivalent.
The aim of the clause is to ensure that we are able to make the changes
as far as Northern Ireland is
concerned. 9.45
am Clause 43
mentions Northern Ireland in strict legal terms, but the gateway
between the Pensions Regulator and HMRC provided in that clause does
not extend at present to Northern Ireland. Clause 43 does not define
the exact meaning of Northern Ireland Department. These
technical drafting amendments are intended to clarify what the term
Northern Ireland Department meansthe Department
for Social Development in Northern Irelandand formally to
extend the provision contained in clause 42 to Northern
Ireland. Amendment
agreed to.
Amendment made: No. 153,
in clause 43, page 19, line 22, at end
add (1A) Section 323 of
the Pensions Act 2004 (c. 35) (extent) is amended as
follows. (1B) In subsection
(2)(c) (provisions extending to Northern
Ireland) (a) for
paragraph 2 substitute paragraphs 2 and
4; (b) for that
paragraph substitute those
paragraphs. (1C) In
subsection (4), for paragraph 2 substitute
paragraphs 2 and 4..[Mr.
Mike
O'Brien.] Clause
43, as amended, ordered to stand part of the
Bill. Clause 44
ordered to stand part of the
Bill.
|
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() | |
©Parliamentary copyright 2008 | Prepared 1 February 2008 |