A recent Taxation magazine article on the Glenn v HMRC case confirmed HMRC's powers to seize computers from business premises. AccountingWEB.co.uk members responded in Any Answers by looking at how practitioners might cope in a similar situation.
In the article, Jonathan Levy, head of the tax disputes resolution team at Reynolds Porter Chamberlain LLP, and Daniel Hemming set the Glenn case against the backdrop of new powers that HMRC has gained in recent years:
- FA 2007 introduced a new cross-duty penalty regime for inaccuracies in mainstream taxes
- FA 2008 included new information and inspection powers for the main taxes and further penalty harmonisation for stamp duties, inheritance tax, insurance premium tax and other less common taxes
- FA 2009 extended the information and inspection powers, and introduced a new penalty for carelessly or deliberating providing incorrect information in response to an information notice
● Glenn v HMRC judge ruled that computers fall within scope of Finance Act 2008 powers for HMRC to inspect documents.
● Computer seizures are becoming increasingly common, so be aware of your rights and have a clear strategy for dealing with such visits.
● Powers of seizure relate to specific clients; you are entitled to protect data stored in other files and if any of these relate to legal proceedings, the computer will attract legal privilege.
● Encrypting client data and storing off site can prevent fishing trips.
The Glenn case arose when HMRC officers turned up unannounced and without a warrant at the plaintiff's business premises on 4 February 2009. As part of their objective of inspecting business records, they disconnected and removed the company's computer server and 19 desktop PCs to examine their hard drives. The desktop machines were returned the next day and the server was returned on 6 February 2009.
The Glenn case turned on the court's interpretation of HMRC's powers of inspection, information and search at the time under section 118B of the Customs and Excise Management Act 1979 (CEMA 1979), and specifically, whether a computer can be considered a "document" in law.
Section 118(5) says that "if it appears to an officer to be necessary to do so, he may, at a reasonable time and for a reasonable period, remove any document produced [by the taxpayer]". The meaning of "document" was extended by s114 of the Finance Act 2008, but under the law that applied at the time of the raid, the taxpayer argued that s118B of CEMA 1979 did not apply to computers.
Mr Justice Lloyd Jones disagreed, and while conscious that he should give no wider reading to the legislation than Parliament intended, he took the view that since a computer "is a thing in which information is recorded" (as defined in the s114(2) of FA 2008), it fell within the scope of CEMA 1979.
"Although Glenn & Co (Essex) Ltd concerned different statutory provisions, the reasoning of the judge in that case is equally applicable to inspections carried out by HMRC under Sch 36 [FA 2008]," Levy and Hemming warned taxpayers and their advisers.
"Taxpayers need to be alive to the possibility of an HMRC inspection, which should be on at least seven days' notice but may be carried out without notice under certain circumstances, and the possibility of computers containing non-relevant information being removed from premises.
"Taxpayers need to consider in advance how they will react to such an inspection and may wish to consider whether they should have in place a clear strategy for dealing with such visits."
Being aware of your rights is the first step to ensuring HMRC does not exceed its powers, particularly where officers may be trying to inspect legally privileged material, the authors added.
Practical responses to computer seizures
These issues were examined at some length by AccountingWEB members in a subsequent Any Answers thread.
Malcolm McFarlin and Nichola Ross Martin urged readers not to worry unduly. "Most people have little to fear," said Ross Martin. "HMRC does not have the resources to try and interrogate everyone's computers. It is expensive for HMRC to undertake this type of fishing exercise and so it will be carefully targeted."
She also noted that while s114 FA 2008 permits HMRC to examine a computer, this power has not been tested before a tribunal.
But Cymraeg_Draig condemned the judge's "disgraceful ruling" in Glenn v HMRC and predicted it would be challenged in the Supreme Court. He and several other members offered suggestions for advisers who might experience the dreaded inspector's knock at their door:
- Know your rights - Cymraeg_Draig pointed out that any notice served by HMRC can be challenged in court on the basis for the demand, which would force the inspectors to demonstrate reasonable grounds for their search on a specific client. Holding client information in separate, encrypted folders "stops them going on a general fishing expedition through all your clients' files", he added (see below).
- Co-operate where necessary – HMRC is entitled to see the relevant client's information. If they want it, copy the client files onto an unencrypted memory stick and give it to them.
- Home computers - If you work from home, HMRC will need a court order to take your computer. Article 8 of the Human Rights Act offers protection for a person's private and family life, home and correspondence from arbitrary interference by the state. You are entitled to resist any attempt to force entry without a warrant, and HMRC will usually wait for police to arrive to gain entry, giving the adviser time to prepare a copy of that client's information to offer them.
- Monitor file access - HMRC officials would be abusing their powers if they viewed any records other than those for which the computer was seized, so any accountant whose computer is taken should insist it be returned to an independent, court-recognised expert to check the last dates all files were accessed. If any files other than the specified clients' were accessed while the computer is in HMRC's possession, the department would be in breach of the Data Protection Act and could be in contempt of court if any of the files relate to clients under investigation.
- Legal privilege - If you are involved in any ongoing court cases, storing the files relating to the case on the computer attaches legal privilege to the PC. If the information on your computer was to form part of the defence against any subsequent accusations subsequently made, HMRC would be breaching the Human Rights Act.
- Encrypting and storing data offsite – The Glenn ruling relates to "computers", but does not extend to other electronic storage media. So keep all client records on an external hard drive, or better still store them in an online storage facility. If you use an encrypted system, you are under no obligation to supply HMRC's inspectors with passwords other than for the client under investigation, explained Cymraeg_Draig [small correction here - see comment below - Ed]. "We have always kept each client's records in its own dedicated folder. It is simple if using a good encryption program to assign each client his/her own password. This has the further advantage of restricting access by staff to the files of only those clients that they deal with." Nichola Ross Martin was less certain about the consequences of withholding passwords from HMRC, which might incur fines for obstruction, but added, "I suggest that you seriously think about Cloud Computing, because that way you are only using your computer as a vehicle to access someone else's server. If the data is stored somewhere else and not on your premises then HMRC will have to try its luck at eking the details under its third-party information powers from the service provider."
"Is it not inconvenient having all your files encrypted?" asked chatman. But the response from those who do so was reassuring. "With the TrueCrypt program I use [non-Cloud], I encrypt a partition on my laptop hard drive... You just enter one password to access all of the data in that partition and don't have to enter any passwords again until you reboot the machine. The partition looks just like and works like any other shared drive."
Cymraeg_Draig takes a more thorough approach, entrusting client data to the online NOKvault, which provides 512-bit encryption and hides the files from sight. "What they can't find and can't see they can't ask for the password to," he added.
The difficulty in remembering large numbers of complex passwords was raised by aiwalters, who suggested maintaining a separate file of passwords in several locations, with its own more memorable password: "One way of doing this is by creating a free gmail account and emailing it to yourself."
Cymraeg_Draig suggested a system based on transposing letters in clients' names for numbers (e.g. A=1, Z=26) or phone numbers to letters. A written phone book listing clients' phone numbers doubles up nicely as a reference, he added.
View from PI Insurer
But how supportive would PI insurers be, particularly if you adopted some of the more robust defensive suggestions put forward by AccountingWEB members? On behalf of Aon, Luke Hamm responded that insurers would be unlikely to avoid a policy on the basis of whether or not the accountant encrypted data: "If the accountant could show reasonable skill and care in protecting the data he would have a very good defence, regardless."
On the point of HMRC's new information powers, he added, "for accountants who are not 100% sure on how to deal with their new powers and the can and can't dos, having a expert opinion is vital as without it you may not be acting in the client's best interest if the inspector is pushing their luck and your client gets hit with a penalty that could have been avoided. This is a PI client that we see quite often."
This article includes extracts from a longer piece originally published by Taxation, the market-leading weekly magazine providing news and features on UK tax law, practice and administration. A subscription costs £319 a year and includes full access to the online Taxation archive.
You might also be interested in
AccountingWEB’s Editor at large has been with the site since 1999, rising from news editor to editor in chief, global editor and head of insight. As a roving editor, he continues to investigate the profession's use of technology around the world. He devotes his spare time to technology history and an oddball collection of stringed instruments...