The results of a Parliament Street think tank Freedom of Information request revealed that almost 100 HMRC staff faced disciplinary action for computer misuse.

Over the last two years, it was discovered that 92 HMRC employees had misused computer IT systems, with eight employees being sacked due to their indiscretions. 

The request found that the most common offence was the “misuse of email”, to which 15 written warnings had been issued between 2017-18, and an additional 11 in 2018-19. Those who were repeat offenders were issued with a final written warning for computer misuse. 

During 2018-19, nine written warnings were issued for the misuse of social media channels, in comparison to the previous year with zero. 

Additionally 13 HMRC employees were reprimanded for the misuse of telecommunications, whilst 19 were disciplined for the wider misuse of computer equipment or HMRC systems. 

An overall eight employees had been dismissed for “misuse of computer equipment.”

Although the figures on employee IT misuse is relatively small in comparison to its some 58,700 full-time employees on the payroll, there is a concern that the misuse of IT within HMRC could cause a serious threat. 

Christy Wyatt, Absolute Software, CEO, commented how tackling insider abuse should be a number one priority for the public sector, particularly with organisations that handle extremely sensitive data on millions of people.

“This kind of activity often involves individuals abusing access to personal information and in some cases sharing it, leading to a potential data breach.

“Organisations like HMRC need to adopt an enterprise resilience mindset not only around potential bad employee behaviour, but fortifying their overall security posture and risk management profile.”

Victoria Guiloit, Partner at Privacy Culture Ltd commented:

“Regardless of how embedded the awareness, education and training programme is a company is unlikely to achieve 100% compliance. However it is positive to see that HMRC are monitoring and tackling the problem as this can serve as both a deterrent to others and a piece of awareness in itself. Employees need to understand that there are consequences and that these have been applied.

“Without a balanced assessment of behaviour vs monitoring controls and resulting actions it’s difficult to confirm whether this figure is a fair representation of the level of abuse or if there is a wider problem.”

The post #Privacy: Nearly 100 HMRC employees disciplined over IT misuse appeared first on PrivSec Report.