The SA Revenue Service (Sars) earlier this week inadvertently sent 20 000 taxpayers’ e-mail addresses to other taxpayers. The 20 000 addresses in question were the intended recipients of the Sars e-mail.
Realising the error, Sars sent a follow-up e-mail apologising to those affected and requesting that they “immediately delete that email and its attachment”.
It added that Sars takes “stringent measures to protect and safeguard the information of taxpayers, including their e-mail addresses” but that “these safeguards failed in this instance due to human error”.
Sars said it was conducting a “full investigation” into the incident and wished to assure those affected that it would take “strong action against those responsible”. It said and it would implement “additional measures to further protect taxpayer information”.
In the e-mail, Sars also sought to remind those affected that according to the legal restrictions applicable to its e-mail communication no one may further distribute correspondence from it and that it would “not hesitate to take the strongest legal action against anyone found to have saved, used or distributed the list of e-mail addresses”.
Mark Kingon, group executive at Sars, says the organisation wants to reiterate that human error was to blame for the erroneous inclusion of taxpayers’ e-mail addresses and that it views the incident “in a very serious light”.
He says Sars has suspended some members of staff as a result of the incident and that its investigation is continuing.
Sars sends high volumes of e-mail and that in this particular incident e-mails were being sent to over 150 000 employers to notify them of changes relating to Sars Easyfile service, Kingon says.
In an effort to avoid incidents like this one, Sars sends e-mails in batches of 20 000 rather than sending them all at once, so that if there is an error it can be corrected before going to the entire database.
“It’s an offence to disseminate or otherwise use those addresses and we will take all available punitive measures against anyone found to have done so,” says Kingon. — Craig Wilson, TechCentral