Financial firms may face compensation claims for breaking data protection laws if they send the wrong information to HM Revenue and Customs under new FATCA laws.
HMRC flagged the issue in recently published guidance notes.
The tax man warns that under section 13 of the Data Protection Act, a person can claim compensation if they suffer damage because wrong data was passed to a third party about them. They can also claim for any ‘distress’ that is caused by erroneous data and sue the US authorities.
The UK was one of the first countries to sign up to the Foreign Account Tax Compliance Act (FATCA) which is aimed at finding those US taxpayers who have undeclared assets abroad.
Compensation for errors
Failure to comply with the act for financial institutions is stiff – with the prospect of a 30% withholding charge on financial transactions made in the US.
However, industry experts have already pinpointed that the act is asking for information which many institutions will struggle to provide since they have either not asked the account holder for the relevant information or their IT systems are not designed to deliver the data in a report.
The room for error is huge, and as a consequence a financial institution could face a legal claim from US citizens for getting their data wrong.
Complying with FATCA has already led the UK and a number of other countries to enter a bilateral tax agreement with America. This lets financial institutions comply with data and confidentiality laws by allowing information to be exchanged at government level.
To protect themselves, a financial institution will have to prove reasonable steps were taken to get the data right.
No permission needed
More importantly for financial institutions, HMRC has clarified that they do not need the permission of the account holder to divulge their information – they will, however, need to inform them that their information is available to US tax authorities.
A spokesman for HMRC said: “The Data Protection Act (DPA) has some fairness requirements that need to be met and individuals should be informed that their account details will be given to US authorities.
“However, because that transfer is to meet a legal obligation then the consent of the account holder is not required.”
The spokesman added that individuals have a right to claim compensation if they suffer damage from a breach of the DPA – which means that the financial institution concerned and the HMRC, which would be the data controllers for FATCA information, would then be liable for any claim made.