Data Usage Agreement - local authority Digital Economy Act debt recovery data share pilot
Published 19 October 2023
This Data Usage Agreement between local authorities and HMRC to manage and reduce Council Tax debt was agreed and put in place in 2018.
1. Conditions of disclosure of information by HMRC
HMRC disclose this information to the local authorities listed in Annex A by virtue of the legal basis of section 48 of the Digital Economy Act (DEA) disclosure for the purpose “to reduce debt owed to the public sector” on the condition that all 29 of the local authorities listed in Annex A undertake to:
-
complete a Data Protection Impact Assessment (DPIA)
-
adhere to the Digital Economy Act Code of Practice and complete all relevant documentation and have ministerial approval
-
adhere to this Data Usage Agreement (DUA)
A DPIA has been completed by each local authority listed in Annex A. A DPIA has been completed by HMRC to go alongside this DUA.
At 31 March 2018, the total amount of outstanding Council Tax in England stood at £3 billion (this is a cumulative figure from the introduction of Council Tax in 1993).
For 2017 to 2018, local authorities in England collected £27.5 billion, with arrears of £818 million. Therefore approximately 3% remains uncollected.
The purpose of this pilot is to measure the potential yield the local authorities could have if they were to use HMRC data for an attachment of earnings order. Alternatively, it will confirm what data items are most effective for obtaining accurate address information for those customers who have a Council Tax debt.
1.1 Purpose
The listed local authorities have identified that HM Revenue and Customs (HMRC) Pay As You Earn (PAYE) and Self Assessment data as potentially useful, and could support managing overall Council Tax arrears and further develop its recovery procedures, by analysing the data provided by HMRC to:
-
identify customers whose circumstances make them vulnerable and providing appropriate support and appropriate recovery action, where they engage with the local authority
-
recover individual Council Tax debts by attachment to earnings orders, for those in employment, where appropriate
-
recover individual Council Tax debts by attachment to benefits orders, for those receiving benefits, where appropriate
-
undertake other recovery action for those who are not identified as vulnerable, including the use of enforcement agents and other legal avenues
-
reduce the use of enforcement agents and associated costs to customers
This is a significant improvement from the current process and allows the local authorities to take positive action to recover the debt from those customers who are not engaging in the process and have already been informed of the action the local authority may take.
1.2 Data specification
The area within HMRC who will be carrying out the matching will be Risk and Intelligence Services (RIS).
Twenty-eight local authorities will send an Excel document to HMRC via email over a secure network. This file will be password protected and the password sent to HMRC via email over a secure network.
This content has been withheld because of exemptions in the Freedom of Information Act 2000.
Each Excel file will contain a maximum of 4,000 debt records. The data items relating to these customers are as follows:
-
full name (title, first name, middle name or initial, surname)
-
debt address, including postcode
-
forwarding address and dates
-
local authority name
-
local authority reference number
-
date of commencement of liability order
-
customer account reference number
RIS will use the customer information to match into connect and Real Time Information (RTI). If the address provided by the local authority does not match the address held by HMRC, then previous addresses will be used as a match. If the customer information is a successful match, RIS will return the following data items:
PAYE data
-
current HMRC address
-
employer name
-
employer address
-
employer PAYE reference, including district number
-
employment start date
-
employment end date
-
employment pay frequency
-
last payment date
-
pay period
-
payroll ID
-
pay year to date broken down into gross and net
Self Assessment data
-
current HMRC address
-
date SA record set up
-
tax year of last completed Self Assessment return
-
SA total income, broken down into taxable income and non-taxable income
-
income from trusts and estates
-
income from dividends and foreign companies
-
income from UK land and property
HMRC will cleanse all data prior to returning the matched information to the relevant local authorities. This will ensure data quality and the returned data will meet HMRC standards.
This content has been withheld because of exemptions in the Freedom of Information Act 2000.
If a customer clears an outstanding debt following the information received from HMRC, and they fall into arrears in the future, a new request for the same information must be made by the relevant local authority.
HMRC will delete the file immediately after the relevant local authority has confirmed receipt.
All colleagues employed by the relevant local authority will have a business need to access the information. They will be limited to data analysts and debt recovery officers. All users within the local authorities have signed data disclosure agreements and, more recently, GDPR training.
Annex A contains a list of all local authorities who will be taking part in this data share.
1.3 Data security
Local authorities will undertake to:
-
move, process and destroy data securely, in line with the principles set out in HM Government security policy framework, issued by the Cabinet Office, when handling, transferring, storing, accessing or destroying information
-
only use it for the purposes that it has been disclosed for and ensure that only those with a genuine business need (linked to purpose) to see the information will have access to it
-
HMRC will store all data supplied by the local authorities in a secure controlled access folders (CAF), with restricted access to members of RIS who are directly involved in the data share and only keep it for the time it is needed, before destroying it securely on the agreement of all parties
-
not onwardly disclose the information without the prior authorisation of HMRC other than what is provided for in section 48 of the Digital Economy Act
-
comply with the requirements in the security policy framework, and be prepared for and respond to security incidents and report any data losses, wrongful disclosures or breaches of security relating to information
-
mark information assets with the appropriate security classification and apply the appropriate baseline set of personnel, physical and information security controls that offer an appropriate level of protection against a typical threat profile as set out in government security classifications
This content has been withheld because of exemptions in the Freedom of Information Act 2000.
1.4 Data file transfer
HMRC and local authorities’ agreement
-
ensure that the data match input file (data sent by local authorities) is sent to RIS at HMRC - the data must be sent by government secure email, password protected, with the password sent independently of the data
-
ensure that the data match output file is sent by HMRC to the relevant local authority contact listed in Annex A - the data must be sent by government secure email, password protected, with the password sent independently of the data
1.5 Data processor and data owner
Local authorities and HMRC are data controllers and HMRC is acting as data processor, using definitions as set out in the Data Protection Act 2018.
1.6 Freedom of Information
If an FOI request relating to this information is made to the local authorities, their FOI team will engage with HMRC’s FOI team regarding the potential impact of disclosure.
Any disputes or security and data breaches relating to this information transfer should be reported to the contact listed in Annex A.
1.7 Costs
HMRC will recharge the 29 local authorities for the time taken to provide the data and the governance documents for the local authorities to have the relevant data to assist in this project.
The local authorities listed in Annex A have confirmed that they have funds available for costs incurred by HMRC for this data share.
1.8 Disputes
This content has been withheld because of exemptions in the Freedom of Information Act 2000.
2. Annex A
Email address for the below local authorities have been withheld because of exemptions in the Freedom of Information Act 2000.
Barnsley Metropolitan Borough Council
Birmingham City Council
Bolton Council
Bradford Metropolitan District Council
Brighton and Hove Council
Carmathenshire Council
Cornwall Council
Coventry City Council
Dudley Metropolitan Borough Council
Rotherham Metropolitan Borough Council
Salford City Council
Sandwell Metropolitan Borough Council
Solihull Metropolitan Borough Council
Southwark Council
Tower Hamlets Council
Wakefield Council
Walsall Council
Wealden District Council
City of Wolverhampton Council
Ealing Council
Eastbourne Borough Council
Islington Council
Royal Borough of Kensington and Chelsea
Kirklees Council
Lewes District Council
Manchester City Council
Medway Council
Newham Council
North Hertfordshire District Council