After years of lobbying IRD Service Delivery has finally published a policy in respect of how staff will interact with stakeholders via email.

At time of writing the policy is buried in the tax agents section of IRD’s website but applies to all stakeholders and all service delivery including investigations, debt management and customer service.

It is surprising and very disappointing that this has taken until now especially given the government’s and state sector’s lauded focus on better public services with a key focus area that has been in place since 2011 – Improving Interaction with government, New Zealanders can complete their transactions with the Government easily in a digital environment.

At time of writing, the policy applies to all stakeholders and all service delivery including investigations, debt management and customer services.

And while I suppose we should be grateful that IRD have finally published a policy, it is not without complications and significant areas for improvement i.e.

  • It remains somewhat obscure and incomplete
  • It is buried in the Tax Agents section of IRD’s website (what about other stakeholders?)
  • To make any sense of it I found myself carrying out a line by line analysis with more practical interpretation (surely IRD could write in plain language to assist compliance?)
  • It contains nonsensical rules such as When replying to an email IRD must delete the previous communications
  • It includes protocols that IRD staff ignore- IRD staff should switch on ‘read replies’ so a sender knows when IRD has opened an email

Background

Until recently each division of IRD was left to write its own email policy, and then delegated that down to individual offices and even individuals. The result was a mish mash of poorly written, inconsistent and self-contradictory rules that were all but impossible to follow.

IRD’s paranoia over email was magnificently illustrated when they refused to release a copy of the policy until I issued an Official Information Act (OIA) request early in 2016.

IRD policy per website

http://www.ird.govt.nz/contact-us/?topic=online-email-us-consent

Postscript:  Subsequently IRD removed the policy without notification.  Here is a link to a copy oin Owens Tax archives

https://www.dropbox.com/s/bxlhtih8fylsvnu/Email%20Policy%20November%202015%20-%20for%20publishing%20on%20IRD%20website%20draft.pdf?dl=0

Appendix 1: Interpretation of IRD’s Email Policy

To assist stakeholders wanting to communicate with IRD through email, we have provided interpretation of IRD’s email policy in the attached tables;

  • Interpretation of the rules along with our comments cross referenced to the policy as currently published (February 2016)
  • IRD published policy and our comments

Owens Tax Advisors – interpretation of IRD email rules (two pages)

We have set out below our interpretation of the rules along with our comments cross referenced to the policy as currently published (as at March 2016)

OTA numbering Email rule Cross reference to IRD published policy OTA comment
A. A stakeholder can request and IRD agree to send communications by email 1 Implicit from the fact there is a process
B. IRD staff must (surely) comply with that request 2 Given there is a documented process that IRD must follow, surely that means that on request of a stakeholder IRD must actually use email
C. Request can be made by phone, email or letter 4 IRD refers to their customer consent form but there is no legal or policy issue that prevents you from using your own (perhaps better) template
D. If the stakeholder is a tax agent they must get their agency client to document agreement. Permission is then granted to the agent with one agreement 7
E. Stakeholders who are authorised persons but not as a tax agent should send IRD a permission document for each client The policy document makes reference to agencies but IRD assures us that it also applies to authorised persons whereupon the blanket approval for tax agents does not apply
F. Each subject line must begin with the words ‘in confidence’ and then the subject, generally the taxpayer name 10b A subject line that says ‘re your email’ or “granny’s scone recipe” is no use
G. Confidential contents should be set out in an attachment – either excel (if the stakeholder requests or agrees) or pdf 10a, c Why? Are IRD letters limited to a generic sentence followed by the juicy stuff in an appendix?

H.

If the stakeholder agrees the attachment may be protected by password 10c but overridden by 15 Not clear, but IRD does say need not be encrypted, whatever IRD means by encrypted
OTA numbering Email rule Cross reference to IRD published policy OTA comment

I.

If the stakeholder agrees the attachment may be converted to pdf 16 IRD refers to ‘encrypted’ when they really mean zipped. Zipping is a process to reduce the size of documents, but is ineffective for pdfs and is rarely necessary for Microsoft Office documents
J. If the stakeholder agrees the pdf attachment may be zipped (but why would you?) 15 sort of IRD refers to encrypted when they mean zipped, but then say the recipient can request it not be encrypted/zipped
K. On request IRD may share a working copy of a document 13 Extremely helpful; if only staff would follow it
L. Spreadsheets must be ‘cleansed’ and formulas checked 14 Overly onerous. IRD also make errors in spreadsheets. The two parties need to work collaboratively
Then there are some nonsensical rules:
M. When replying to an email IRD must delete the previous communications The reply loses context. If the previous communications are in accordance with email policy, why do they become more risky just because they are in a reply?
N. OK I admit it; IRD does say non encrypted (non zipped) attachments must be password protected 16 But why? No passwords on faxes or snail mail which from time to time IRD does misaddress
Finally some protocols that IRD ignores
O. It is courteous to set up an out of office reply if away for more than a few hours and emails are not monitored. Frequently we leave email or telephone messages only to find out weeks later that the person is on holiday, ill, or (on a couple of occasions) deceased! Some staff do, some staff don’t, some staff set up an out of office and leave it on weeks after they return to work. Several times we have asked IRD to implement a consistent policy . IRD doesn’t say yes or no, IRD just ignores our suggestion. Very unprofessional.
P. IRD staff should switch on ‘read replies’ so a sender knows when IRD has opened an email Interestingly we have seen internal policy that says IRD should request read replies, but doesn’t mention allowing them to be sent in the other direction. Unprofessional and arrogant

Appendix 2: IRD policy per website and Owens Tax Advisors’ comments (four pages)

This appendix is probably only of academic interest.

The middle column sets out the text of IRD’s email policy published in March 2016.

See www.ird.govt.nz/taxagents/working/comms-email

In our view it is excessively wordy, self contradictory and overall very poorly written.

We understand a new version would be issued in June, then delayed to July 2016…

The left hand column applies a set of numbers for cross reference purposes, and the right column is our comments.

IRD rule #1 Communicating with us by email Owens Tax comment
1 Email communication is a useful way to engage with customers, and in particular their representatives. However there are security risks that must be managed and as far as practical, minimised. Indeed it is a useful way to communicate, and of course there are security risks but there is just as much security risk with faxes or snail mail, indeed arguably more because an error in fax or address can result in misdelivery whereas an error in an email address will more often than not bounce. Further snail mail and faxes can’t be protected by password
2 Inland Revenue staff who communicate with customers and/or their representatives about tax matters on a regular basis must use the following process when sending outbound emails. Occasionally IRD staff refuse to use email, or worse use email and then randomly decline to do so, despite (or perhaps because) the recipient is under time constraint. This is unacceptable
Consent process
3 Generally, formal consent must be obtained from a customer or their representative before sending an outbound email containing information about the customer. This is overemphasised; the fact is stakeholders can give a generic consent
4 Consent may be:
The stakeholder can also just email or phone; there is no reason or requirement to use an IRD template
  • over the telephone if the call is recorded, or
Good reminder – IRD records phone calls
  • in an email.
The most efficient
5 Consent can be given for a specific customer by the customer themselves or their tax agent. Or an authorised representative – see further down

1 IRD hasn’t numbered their rules so this is for cross referencing only

IRD rule #1 Communicating with us by email Owens Tax comment
When emails don’t require consent
6 Consent is not required when we haven’t been able to contact a customer any other way. Our email to them must: Interesting that stakeholders can ask for a particular communication method, but IRD can override that preference
  • only request the customer to contact us
  • not give any information about the nature of conversation we want to have with them, and
  • only include the staff member’s name and phone number in the signature on the email.
Tax agent consent These rules also can apply in respect of a client for which authorised person status is recorded but are not on a tax agency
7 We can accept a blanket email consent from a tax agency. That consent will apply to all clients of the tax agency, but is limited to tax types the agent has been appointed for. This is very helpful for tax agents
8 The tax agency consent form must be signed on behalf of the tax agency by the principal, managing partner or other authorised person.
Tax agent consent form No rule or policy preventing a stakeholder to use their own (probably better) form
We review consent forms for tax agents on a regular basis. Oh goody – every 5 years or so
Address of email recipient
9 When we are preparing to send an email:
  • where confidential information is attached and the email address has been manually entered, the address must be checked and confirmed by another staff member before it is sent.
IRD should apply the same control over fax numbers and postal addresses, which IRD also get wrong from time to time
IRD rule #1 Communicating with us by email Owens Tax comment
  • where the “reply” function is used any previous communications (email strings) will be deleted before sending it. The reply function will be used when sending unencrypted attachments and another staff member is not required to check the email address.
We consider this is an unnecessary and obstructive requirement. Security concerns are already dealt with by the plethora of rules, why should a previous email suddenly become more risk?
Email content
10 When preparing the content of the email we will ensure the following practices are used:
a
  • Confidential information should never be contained in the body of an email.
Are IRD letters limited to a generic sentence followed by the juicy stuff in an appendix?
b
  • The subject line of the emails should state “In Confidence” and identify the subject of the communication.
Do letters and faxes from IRD all say “in confidence”? However if it gives IRD a warm feeling we should comply
c
  • The body of the email should refer to the fact that one or more documents are attached (where required) and that the documents are encrypted and password protected as appropriate.
d
  • The email should advise that a password to enable viewing of any attachment will be supplied independently of the email.
Lock the door and leave a note saying where the key is hidden
Password communication
10 Where attachments are password protected, we will advise the recipient of the password by text message, telephone or in a separate email. How painfully inefficient
11 When the information being sent is of a highly protected nature text message or telephone is the preferred option. “Highly protected” has no meaning
Attachments with confidential information
12 Attachments to emails must be, unless outlined below, converted into PDF format, encrypted and password protected. Just ask and you can get round most of these rules
IRD rule #1 Communicating with us by email Owens Tax comment
Sending non-PDF attachments
13 A working copy of a spreadsheet or other memorandum may be released with the approval of the staff member’s leader, for example where:
  • we are working collaboratively with the customer/agent on the content or calculations
We are always working collaboratively
  • the agent wants to verify calculations or formula
  • providing the spreadsheet or memorandum in open format will facilitate the efficient progress of a case.
14 Our staff need to take care to ensure any spreadsheet or memorandum is cleansed to avoid the inadvertent release of information relating to other parties. Similarly when spreadsheets are returned formulas should be verified by our staff. Overly onerous. IRD also make errors in spreadsheets. The two parties need to work collaboratively
Sending non-encrypted attachments
15 Attachments containing confidential information must be encrypted unless the recipient: IRD says encrypted when they really mean zipped – a different protocol. Zipping will bypass some firewall or anti virus protection. Stakeholders should always ask for attachments to not be zipped
  • requests the communication without encryption, and
Do it
  • provides written advice to that effect or verbally by a phone call that is recorded.
Do it
16 Non-encrypted attachments must be converted into PDF format (unless agreement to the contrary has been reached) and must be password protected. More unnecessary barriers to efficient communication

One thought on “IRD’s email policy finally!

Leave a Reply

Your email address will not be published. Required fields are marked *