New rules may let IRD 'fish' overseas

Cloud computing allows a firm to outsource services, such as data storage and software, to an off-site provider. Photo / Thinkstock

Online accounting software provider Xero is concerned new protocols being drawn up by Inland Revenue could allow government departments to go on "fishing expeditions" through taxpayers' business records.

The tax department is developing guidelines with cloud computing providers to ensure it can gain access to New Zealand companies' information stored in overseas data centres.

"The IRD are trying to get their head around the cloud and tax evasion at the moment," said Julian Smith, general manager of MYOB, another local accounting software firm.

New Zealand businesses using cloud-based accounting systems will often have their business records stored overseas. Xero users, for example, have their information stored in United States-based data centres.

Rod Drury, Xero's chief executive, said the Wellington-based firm supported the guidelines and had worked with the IRD on developing them, but was also working with the Privacy Commissioner to try to ensure the right balance was reached and government departments did not abuse powers when accessing data.

"We don't think it's fair that government departments should be able to go on fishing expeditions [for information]," Drury said. "We also believe that if one of our customers gets a request for data the customer should be alerted that the request is taking place so they have the opportunity to injunct that."

An IRD spokeswoman said the guidelines were aimed at dealing with the authorisation process around keeping records offshore. "These guidelines do not alter our ability to gather taxpayer information under the existing powers and processes," she said.

Inland Revenue group tax counsel Graham Tubb said the Tax Administration Act required taxpayers to keep their business records in New Zealand unless they had been granted permission to keep information overseas.

The guidelines would allow companies to store information offshore while giving the IRD appropriate access to their data, meaning firms would not be required to gain prior approval to keep records overseas, Tubb said.

Drury said it was his understanding that Xero already had an informal agreement with the IRD that meant its customers were not required to submit applications to store their business records in the United States.

"We have policies around how external agencies ... can get that data," he said. "They [the IRD] don't want us to send 50,000 applications their way."

Drury said he hoped Xero's agreement with the IRD would become more formal over the next year or so.

Smith said MYOB customers using its cloud-based applications had their data stored in a number of different territories, but users had the ability to keep a local copy of the data to stay in compliance with IRD requirements.

MYOB's "next generation" cloud applications would automatically store a local copy, he said.

Smith said he did not have any concerns about privacy issues as a result of the guidelines.

The guidelines are not expected to be finalised until the Taxation Bill, which is awaiting its second reading in Parliament, is passed.