Voice records of more than five million customers were obtained unlawfully by the taxman in major breach of privacy law as HM Revenue and Customs is forced to delete the files HMRC failed to alert callers they were being signed up to voice verification Information Commissioner’s Office ruled it was a major breach of privacy law The data 'was stored in the UK and not shared with any other organisations'By Victoria Bischoff Money Mail Editor For The Daily Mail Published: 01:35 BST, 4 May 2019 | Updated: 01:35 BST, 4 May 2019 Viewcomments Voice records for more than five million taxpayers were obtained unlawfully by the taxman, a watchdog has ruled. HM Revenue & Customs failed to properly alert callers they were being signed up to a service that would use their voice to verify their identity when making an inquiry. The Information Commissioner’s Office (ICO) ruled this was a major breach of privacy law. HMRC will be served a final enforcement notice next week, giving the taxman 28 days from that date to delete the records. Voice recognition software replaces the need for passwords and is thought to be more secure. HM Revenue & Customs failed to properly alert callers they were being signed up to a service that would use their voice to verify their identity when making an inquiry It is increasingly used by major banks, including HSBC and Santander. But customers must give firm permission before they are allowed to store a recording. Taxpayers have been allowed to use it on some HMRC helplines since 2017, including child benefit, tax credits, self-assessment, taxes and national insurance. Customers must repeat the phrase: ‘My voice is my password’ to register. But the taxman had not given customers sufficient information about how the biometric data would be processed and failed to give them the chance to give or withhold consent. This was a breach of the General Data Protection Regulation, which came into force in 2018, the ICO said. A HMRC spokesman said: ‘We offer Voice ID as an easy way for customers to access their accounts securely by phone and have ensured it complies with GDPR consent rules since October 2018' Silkie Carlo, of campaign group Big Brother Watch, which alerted the ICO to the breach, said: ‘This sets a vital precedent for biometrics collection and the database state, showing no government department is above the law.’ A HMRC spokesman said: ‘We offer Voice ID as an easy way for customers to access their accounts securely by phone and have ensured it complies with GDPR consent rules since October 2018. ‘Over 1.5million people who have phoned HMRC since have told us they want to continue using the service and we’re already deleting the records of those who haven’t.’ The spokesman added that the data was stored in the UK and not shared with any other organisations. Share or comment on this article: All rights reserved for this news site dailymail and under his responsibility