top stories

Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled. For practitioners, this is particularly relevant given the huge amounts of data that it holds on behalf of clients – personal tax data, payroll data, etc.

In 2009, an unregulated practice in Abergavenny had its computers hacked by criminals who used the details of self-employed workers (including their unique tax reference numbers) to enter the HMRC gateway and claim for rebates to be paid into a specially set up bank account. Cases like this rarely make it into the press but serve as a warning to all practitioners about the importance of data security.

ACCA has provided some basic guidance on this area through the links below.

Articles from Internal Audit e-bulletins

Below you will find relevant articles from Internal Audit e-bulletins. Internal Audit e-bulletin is published quarterly and is ACCA UK's e-bulletin for internal audit professionals. See below relevant articles:

• information security: a holistic approach
• hiring the right hackers
• data loss prevention.

International Association of Accountants Innovation and Technology Consultants (IAAITC)

It is a requirement of the Data Protection Act 1998 (DPA) that all businesses handling personal data have an information security policy in place. The IAAITC Information Security Framework (ISF) can assist in meeting that obligation. The DPA is a logical starting point in developing an information security policy. Any business failing to comply with the DPA is guilty of a lack of due care, and potentially leaving itself and its clients, open to enforcement notices and/or fines. Visit the IAAITC ISF website for further information.

• Data Protection Act 1988
• The Data Protection Act 1988 ca be accessed here.
• HMRC online security for agents
• [06/10/11] HMRC has updated its security guidance for tax agents.

Back to top