Here we are over 2 months after the initial Child Benefit fiasco; you would think the HMRC would have introduced controls to accept encrypted media?
The Information Commissioner just issued Marks & Spencer with an Enforcement Notice giving them until 1st April 2008 (ie only 2 months) to complete encryption of all their laptops
http://www.ico.gov.uk/upload/documents/library/data_protection/notices/m_and_s_sanitiseden.pdf
So here we are trying to send HMRC an S17 “Report of Savings Income”, ie Interest Paid to Savers.
We refer to their guidelines dated 1st March 2007, which have not been updated, revised or refreshed.
http://www.hmrc.gov.uk/esd-guidance/s17-si-03-mag-spec.pdf
It states on page 7, Section 1.3 Encrypted Files “HMRC is only able to accept self de-crypting files” which rather defeats the object.
As instructed we contact the HMRC Fujitsu Data Capture Unit in Telford Shropshire to ask if the instructions on the Website are out of date, to be advised no they are still in force.
If you send an encrypted file, or if the file is not ASCII, UNICODE or EBCDIC, if it has a file extension, eg a password–protected .doc, .xls or .zip, then the file will be rejected, and you will have been deemed not to have supplied the Statutory Return
according to schedule, and you will be fined.
What sensitive personal data is on the S17 file?
Name, Address, Postal Code, Date of Birth, Place of Birth, Country of Birth, National Insurance Number/TaxPayer Identification Number – oh great for Identity Theft or getting hold of a Birth Certificate then!
Good old Fujitsu – really ahead of the game!
Why doesn’t the ICO give them/HMRC 60 days notice as well?