The report of the Finance General Inspection (IGF) on the case “VIP list” is peremptory: a list existed and the measure, designated “ alarms – access to personal data”, was “unfounded, arbitrary and discriminatory “. The same document absolve, however, Secretary of State for Fiscal Affairs, Paul Nuncio, who, according to the IGF, was not informed of the existence and functioning of the measure.
According to the report, released on Tuesday, the tax authorities used a system to monitor the data of the President, the Prime Minister, the Deputy Prime Minister and Secretary of State for Fiscal Affairs from 29 September last year and March 10 of this year.
“A ‘alarms – access to personal data’ has been in operation between 29 September 2014 and 10 March 2015, having its beginnings occurred just prior to the order for authorization of the former deputy director-general of the Tax Authority (AT), on 10 October, and its completion was found only in the month following termination of decision of the alert procedure, established in February 23, 2015, at former director general of AT, “reads the document.
The organization led by Vitor Braz concludes that, with this system,” services began to monitor access to data Personal four taxpayers – President of the Republic, Cavaco Silva, Prime Minister Passos Coelho, deputy prime minister, Paulo Portas, and Secretary of State for Fiscal Affairs, Paulo Nuncio. ” The idea is to protect the confidentiality of these four tax payers, which would be “more exposed to the curiosity of workers.”
For the IGF, this alarms system ‘was thus a measure unfounded, arbitrary and discriminatory, and grossly inefficient and ineffective to protect the confidentiality of tax payers “.
However, the report does not attribute responsibilities to the Government, including the Secretary of State for Fiscal Affairs, noting that the measure was managed “exclusively by an official of AT [Tax Authority].”
“Former Director General of AT did not inform the SEAF [Secretary of State for Fiscal Affairs] of the existence and operation of the” alarms – access to personal data ‘ “reads the report.
The IGF not only destroys the functioning of the Treasury, but also makes several recommendations. The organization recommends that the AT to initiate disciplinary procedures against the officers involved in the creation from that list, considering that the acts may represent “different offenses, degrees of guilt and blame.”
In its conclusions, the IGF asks the AT “be given to the initiation of disciplinary procedures to employees and directors involved in the definition, approval and implementation of the ‘alarms – access to personal data’ [so-called 'VIP list']. “
PSD says report is” lesson of caution “to the opposition
The vice-president of PSD bench defended since the report of the Inspection General of Finance on the VIP list of the Treasury gives a “lesson of caution and conservatism in opposition.”“At the time it was discussed as a list called ‘VIP’ oppositions meant that the government has always had knowledge, some dared to say it had been made by order of the government.” The report “confirms that the government always spoke truth, the prime minister told the truth, that you Minister of State and Finance spoke truth and that Mr. Secretary of State for Fiscal Affairs [Paul Nuncio] spoke truth.”
“No government official has given any indication that he might be created to list called ‘VIP’, she was born spontaneously by the Tax Authority services and was born according to the instructions that were given by technical and heads of the Tax Authority. Furthermore, when the Government asked the Tax Authority if there was such a list was told that there was “added Hugo Soares.
The ‘vice’ of PSD bench also wanted to “regret the stance” the president of the union of workers of taxes, that “even said that was initiated a wide range of disciplinary proceedings because of ‘VIP’ list when today we know that was not brought any. ”
Hugo Soares acknowledged that “things did not work well” in the Treasury, where “apparently the protection of tax data did not exist”, but stressed that there are measures planned by the government, including timing.
Also a Member of the CDS-PP Vera Rodrigues argued that the report “leaves in black and white” that the VIP list was a mechanism that worked temporarily at the sole initiative of the IRS ruling.
“This report proves that the truth always comes to the surface and that there was at no time any interference at the political level on the list called ‘VIP’. This IGF report leaves black and white what there was, yes, it was a mechanism that was temporarily in operation at the sole initiative of a leader of the Tax Authority, “he told reporters in parliament. I said:
“From the beginning we said we had to wait calmly for this report and it was necessary to separate and make a clear line of difference between the innuendo and the facts. During the hearings, the opposition was losing his speech, he was zigzagging on the grounds and on a resignation understood that justified the Secretary of State for Fiscal Affairs “
Tax Authority only controls 13% of hits coming out
Still on the survey findings, the IGF says the Tax and Customs Authority (AT) only has information for the control and accountability of 13% of access to the data of taxpayers made by external users.
“AT only offers relevant information and allowing adequate control and accountability for access to their systems in respect of 114 of the 893 external users (13%).”
Plan Corruption Risk Management and Related Offences AT is provided only the risk of “improper assignment of access privileges and disclosure to third parties of information on the security architecture, with subsequent absence measures for the prevention and mitigation of unauthorized access. ”
In this sense, the IGF recommended that this plan be reworded to “adopt preventive measures specific to the level of assessment and mitigation of the risk of unauthorized access (internal and external) tax information.”
There is a “safety control absence of fiscal data internally, including the verification of unauthorized access by employees,” motivated by a “non-existent definition of risk” associated these accesses and the “improper assumption” that all the information inside the AT “is protected by the duty of confidentiality to which workers are required.”
The organization also suggests that be defined “in detail” the immediate response actions when these attacks occur. ” Criticizes still “insufficient awareness of workers and the AT, on the principles that guide public service” and “ethics and standards of conduct necessary for the conformation of action of an entity with the powers of the Tax Authority and Customs.”
In this sense, the IGF recommended, among others, “the creation of a unit for ethics, to ensure the implementation of the principles and rules of conduct, clarifying doubts and appreciation of irregular situations.”
The IGF also advocates the creation of an “application addressed to prior registration procedure in computer applications and / or administrative act that justifies access to tax information from taxpayers, to prevent unauthorized access and allow subsequent control of the respective law. ”
Another suggestion is a “reformulation of security policy and the rules of access to tax data”, similar to the system ‘e-invoice’ which only allows access “by prior registration of offense proceedings or the corresponding differences process. ”
No comments:
Post a Comment