(2) what safeguards are in place in his Department to prevent more information than is required by the National Audit Office being passed on for auditing purposes;
(3) which Acts of Parliament permit disclosure of information which is held by HM Revenue and Customs in accordance with section 18(3) of the Commissioners for Revenue and Customs Act 2005.
Each request is judged on a case by case basis and the National Audit Office should provide a clear explanation of why they want to see particular data and limit requests to that data required to fulfil their audit responsibilities.
For each audit HMRC appoint a senior official who has overall responsibility and a designated contact point to oversee day to day activity, including enquiries and information requests.
Following the child benefit data loss incident, HMRC have introduced more stringent data handling procedures, which require that the bulk transfers of customer data only take place with adequate security protection.
For more detail on the changes made, I refer the hon. Member to Kieran Poynter’s interim report that was published on 17 December 2007 and is available in the Library of the House.
Various Acts of Parliament permit disclosure of HMRC information. I refer the hon. Member to HMRC’s Information Disclosure Guidance manual at:
http://www.hmrc.gov.uk/manuals/idgmanual/.