From 06/04/2015, agencies are obliged to report to HMRC details of contractor organisations that they deal with. These details will include some personal details such as NI numbers.
This is clearly a phishing exercise by HMRC to gather information for possible IR35 investigations. However, under the Data Protection Act, any organisation, including Government departments, which wishes to process personal data, must gain explicit permission from the subject to hold their personal data. Furthermore, that permission must be given freely.
There is a suggestion that should individuals refuse to provide their personal information, then the agencies will alter or terminate their contracts. Under such circumstances, that information would then be given under duress, which is in contravention of the DPA.
So what is the panel's view?