After years of lobbying IRD Service Delivery has finally published a policy in respect of how staff will interact with stakeholders via email.
At time of writing the policy is buried in the tax agents section of IRD’s website but applies to all stakeholders and all service delivery including investigations, debt management and customer service.
It is surprising and very disappointing that this has taken until now especially given the government’s and state sector’s lauded focus on better public services with a key focus area that has been in place since 2011 – Improving Interaction with government, New Zealanders can complete their transactions with the Government easily in a digital environment.
At time of writing, the policy applies to all stakeholders and all service delivery including investigations, debt management and customer services.
And while I suppose we should be grateful that IRD have finally published a policy, it is not without complications and significant areas for improvement i.e.
- It remains somewhat obscure and incomplete
- It is buried in the Tax Agents section of IRD’s website (what about other stakeholders?)
- To make any sense of it I found myself carrying out a line by line analysis with more practical interpretation (surely IRD could write in plain language to assist compliance?)
- It contains nonsensical rules such as When replying to an email IRD must delete the previous communications
- It includes protocols that IRD staff ignore- IRD staff should switch on ‘read replies’ so a sender knows when IRD has opened an email
Background
Until recently each division of IRD was left to write its own email policy, and then delegated that down to individual offices and even individuals. The result was a mish mash of poorly written, inconsistent and self-contradictory rules that were all but impossible to follow.
IRD’s paranoia over email was magnificently illustrated when they refused to release a copy of the policy until I issued an Official Information Act (OIA) request early in 2016.
IRD policy per website
http://www.ird.govt.nz/contact-us/?topic=online-email-us-consent
Postscript: Subsequently IRD removed the policy without notification. Here is a link to a copy oin Owens Tax archives
https://www.dropbox.com/s/bxlhtih8fylsvnu/Email%20Policy%20November%202015%20-%20for%20publishing%20on%20IRD%20website%20draft.pdf?dl=0
Appendix 1: Interpretation of IRD’s Email Policy
To assist stakeholders wanting to communicate with IRD through email, we have provided interpretation of IRD’s email policy in the attached tables;
- Interpretation of the rules along with our comments cross referenced to the policy as currently published (February 2016)
- IRD published policy and our comments
Owens Tax Advisors – interpretation of IRD email rules (two pages)
We have set out below our interpretation of the rules along with our comments cross referenced to the policy as currently published (as at March 2016)
| OTA numbering | Email rule | Cross reference to IRD published policy | OTA comment |
| A. | A stakeholder can request and IRD agree to send communications by email | 1 | Implicit from the fact there is a process |
| B. | IRD staff must (surely) comply with that request | 2 | Given there is a documented process that IRD must follow, surely that means that on request of a stakeholder IRD must actually use email |
| C. | Request can be made by phone, email or letter | 4 | IRD refers to their customer consent form but there is no legal or policy issue that prevents you from using your own (perhaps better) template |
| D. | If the stakeholder is a tax agent they must get their agency client to document agreement. Permission is then granted to the agent with one agreement | 7 | |
| E. | Stakeholders who are authorised persons but not as a tax agent should send IRD a permission document for each client | The policy document makes reference to agencies but IRD assures us that it also applies to authorised persons whereupon the blanket approval for tax agents does not apply | |
| F. | Each subject line must begin with the words ‘in confidence’ and then the subject, generally the taxpayer name | 10b | A subject line that says ‘re your email’ or “granny’s scone recipe” is no use |
| G. | Confidential contents should be set out in an attachment – either excel (if the stakeholder requests or agrees) or pdf | 10a, c | Why? Are IRD letters limited to a generic sentence followed by the juicy stuff in an appendix? |
|
H. |
If the stakeholder agrees the attachment may be protected by password | 10c but overridden by 15 | Not clear, but IRD does say need not be encrypted, whatever IRD means by encrypted |
| OTA numbering | Email rule | Cross reference to IRD published policy | OTA comment |
|
I. |
If the stakeholder agrees the attachment may be converted to pdf | 16 | IRD refers to ‘encrypted’ when they really mean zipped. Zipping is a process to reduce the size of documents, but is ineffective for pdfs and is rarely necessary for Microsoft Office documents |
| J. | If the stakeholder agrees the pdf attachment may be zipped (but why would you?) | 15 sort of | IRD refers to encrypted when they mean zipped, but then say the recipient can request it not be encrypted/zipped |
| K. | On request IRD may share a working copy of a document | 13 | Extremely helpful; if only staff would follow it |
| L. | Spreadsheets must be ‘cleansed’ and formulas checked | 14 | Overly onerous. IRD also make errors in spreadsheets. The two parties need to work collaboratively |
| Then there are some nonsensical rules: | |||
| M. | When replying to an email IRD must delete the previous communications | The reply loses context. If the previous communications are in accordance with email policy, why do they become more risky just because they are in a reply? | |
| N. | OK I admit it; IRD does say non encrypted (non zipped) attachments must be password protected | 16 | But why? No passwords on faxes or snail mail which from time to time IRD does misaddress |
| Finally some protocols that IRD ignores | |||
| O. | It is courteous to set up an out of office reply if away for more than a few hours and emails are not monitored. Frequently we leave email or telephone messages only to find out weeks later that the person is on holiday, ill, or (on a couple of occasions) deceased! | Some staff do, some staff don’t, some staff set up an out of office and leave it on weeks after they return to work. Several times we have asked IRD to implement a consistent policy . IRD doesn’t say yes or no, IRD just ignores our suggestion. Very unprofessional. | |
| P. | IRD staff should switch on ‘read replies’ so a sender knows when IRD has opened an email | Interestingly we have seen internal policy that says IRD should request read replies, but doesn’t mention allowing them to be sent in the other direction. Unprofessional and arrogant | |
Appendix 2: IRD policy per website and Owens Tax Advisors’ comments (four pages)
This appendix is probably only of academic interest.
The middle column sets out the text of IRD’s email policy published in March 2016.
See www.ird.govt.nz/taxagents/working/comms-email
In our view it is excessively wordy, self contradictory and overall very poorly written.
We understand a new version would be issued in June, then delayed to July 2016…
The left hand column applies a set of numbers for cross reference purposes, and the right column is our comments.
| IRD rule #1 | Communicating with us by email | Owens Tax comment |
| 1 | Email communication is a useful way to engage with customers, and in particular their representatives. However there are security risks that must be managed and as far as practical, minimised. | Indeed it is a useful way to communicate, and of course there are security risks but there is just as much security risk with faxes or snail mail, indeed arguably more because an error in fax or address can result in misdelivery whereas an error in an email address will more often than not bounce. Further snail mail and faxes can’t be protected by password |
| 2 | Inland Revenue staff who communicate with customers and/or their representatives about tax matters on a regular basis must use the following process when sending outbound emails. | Occasionally IRD staff refuse to use email, or worse use email and then randomly decline to do so, despite (or perhaps because) the recipient is under time constraint. This is unacceptable |
| Consent process | ||
| 3 | Generally, formal consent must be obtained from a customer or their representative before sending an outbound email containing information about the customer. | This is overemphasised; the fact is stakeholders can give a generic consent |
| 4 | Consent may be: | |
|
The stakeholder can also just email or phone; there is no reason or requirement to use an IRD template | |
|
Good reminder – IRD records phone calls | |
|
The most efficient | |
| 5 | Consent can be given for a specific customer by the customer themselves or their tax agent. | Or an authorised representative – see further down |
1 IRD hasn’t numbered their rules so this is for cross referencing only
| IRD rule #1 | Communicating with us by email | Owens Tax comment |
| When emails don’t require consent | ||
| 6 | Consent is not required when we haven’t been able to contact a customer any other way. Our email to them must: | Interesting that stakeholders can ask for a particular communication method, but IRD can override that preference |
|
||
|
||
|
||
| Tax agent consent | These rules also can apply in respect of a client for which authorised person status is recorded but are not on a tax agency | |
| 7 | We can accept a blanket email consent from a tax agency. That consent will apply to all clients of the tax agency, but is limited to tax types the agent has been appointed for. | This is very helpful for tax agents |
| 8 | The tax agency consent form must be signed on behalf of the tax agency by the principal, managing partner or other authorised person. | |
| Tax agent consent form | No rule or policy preventing a stakeholder to use their own (probably better) form | |
| We review consent forms for tax agents on a regular basis. | Oh goody – every 5 years or so | |
| Address of email recipient | ||
| 9 | When we are preparing to send an email: | |
|
IRD should apply the same control over fax numbers and postal addresses, which IRD also get wrong from time to time |
| IRD rule #1 | Communicating with us by email | Owens Tax comment |
|
We consider this is an unnecessary and obstructive requirement. Security concerns are already dealt with by the plethora of rules, why should a previous email suddenly become more risk? | |
| Email content | ||
| 10 | When preparing the content of the email we will ensure the following practices are used: | |
| a |
|
Are IRD letters limited to a generic sentence followed by the juicy stuff in an appendix? |
| b |
|
Do letters and faxes from IRD all say “in confidence”? However if it gives IRD a warm feeling we should comply |
| c |
|
|
| d |
|
Lock the door and leave a note saying where the key is hidden |
| Password communication | ||
| 10 | Where attachments are password protected, we will advise the recipient of the password by text message, telephone or in a separate email. | How painfully inefficient |
| 11 | When the information being sent is of a highly protected nature text message or telephone is the preferred option. | “Highly protected” has no meaning |
| Attachments with confidential information | ||
| 12 | Attachments to emails must be, unless outlined below, converted into PDF format, encrypted and password protected. | Just ask and you can get round most of these rules |
| IRD rule #1 | Communicating with us by email | Owens Tax comment |
| Sending non-PDF attachments | ||
| 13 | A working copy of a spreadsheet or other memorandum may be released with the approval of the staff member’s leader, for example where: | |
|
We are always working collaboratively | |
|
||
|
||
| 14 | Our staff need to take care to ensure any spreadsheet or memorandum is cleansed to avoid the inadvertent release of information relating to other parties. Similarly when spreadsheets are returned formulas should be verified by our staff. | Overly onerous. IRD also make errors in spreadsheets. The two parties need to work collaboratively |
| Sending non-encrypted attachments | ||
| 15 | Attachments containing confidential information must be encrypted unless the recipient: | IRD says encrypted when they really mean zipped – a different protocol. Zipping will bypass some firewall or anti virus protection. Stakeholders should always ask for attachments to not be zipped |
|
Do it | |
|
Do it | |
| 16 | Non-encrypted attachments must be converted into PDF format (unless agreement to the contrary has been reached) and must be password protected. | More unnecessary barriers to efficient communication |
One thought on “IRD’s email policy finally!”