24 October 2017
Keith Appleyard

Please Engage Brain

Keith Appleyard - available for hire

60Posts 298,389Views 107Comments
Whatever...

Whatever...

A place to share stuff that isn't at all fintec related but is amusing, absurd or scary.

HMRC unable to accept encrypted media

01 February 2008  |  3846 views  |  0

Here we are over 2 months after the initial Child Benefit fiasco; you would think the HMRC would have introduced controls to accept encrypted media?

The Information Commissioner just issued Marks & Spencer with an Enforcement Notice giving them until 1st April 2008 (ie only 2 months) to complete encryption of all their laptops  

http://www.ico.gov.uk/upload/documents/library/data_protection/notices/m_and_s_sanitiseden.pdf

So here we are trying to send HMRC an S17 “Report of Savings Income”, ie Interest Paid to Savers. 

We refer to their guidelines dated 1st March 2007, which have not been updated, revised or refreshed.

 http://www.hmrc.gov.uk/esd-guidance/s17-si-03-mag-spec.pdf 

It states on page 7, Section 1.3 Encrypted Files “HMRC is only able to accept self de-crypting files” which rather defeats the object.

As instructed we contact the HMRC Fujitsu Data Capture Unit in Telford Shropshire to ask if the instructions on the Website are out of date, to be advised no they are still in force.  

If you send an encrypted file, or if the file is not ASCII, UNICODE or EBCDIC, if it has a file extension, eg a password–protected .doc, .xls or .zip, then the file will be rejected, and you will have been deemed not to have supplied the Statutory Return according to schedule, and you will be fined. 

What sensitive personal data is on the S17 file? 

Name, Address, Postal Code, Date of Birth, Place of Birth, Country of Birth, National Insurance Number/TaxPayer Identification Number – oh great for Identity Theft or getting hold of a Birth Certificate then! 

Good old Fujitsu – really ahead of the game! 

Why doesn’t the ICO give them/HMRC 60 days notice as well?

TagsSecurityRisk & regulation

Comments: (0)

Comment on this story (membership required)

Latest posts from Keith

Barclays On-line Banking deserves better error messages

02 January 2014  |  13577 views  |  1 comments | recomends Recommends 0 TagsMobile & onlinePaymentsGroupWhatever...

RBS does have robust procedures

01 October 2013  |  3475 views  |  0 comments | recomends Recommends 0 TagsMobile & onlinePaymentsGroupWhatever...

National Savings and Investments are rather too lethargic

17 April 2013  |  13831 views  |  0 comments | recomends Recommends 1 TagsSecurityMobile & onlineGroupWhatever...

RBS Internet Banking is not for the English

28 January 2013  |  5558 views  |  0 comments | recomends Recommends 0 TagsMobile & onlineGroupWhatever...

RBS don't seem to understand basic book-keeping rules

26 June 2012  |  6341 views  |  5 comments | recomends Recommends 2 TagsPaymentsGroupWhatever...

Keith's profile

job title IT Consultant
location Bromley
member since 2008
Summary profile See full profile »
Focussing on IT Strategy and Systems Architecture issues, primarily in the Payment Card Industry - scope is Global. SME on topics such as Data Protection and Encryption.

Keith's expertise

Member since 2007
60 posts107 comments
What Keith reads

Who's commenting on Keith's posts