Blog article
See all stories »

HMRC unable to accept encrypted media

Here we are over 2 months after the initial Child Benefit fiasco; you would think the HMRC would have introduced controls to accept encrypted media?

The Information Commissioner just issued Marks & Spencer with an Enforcement Notice giving them until 1st April 2008 (ie only 2 months) to complete encryption of all their laptops

So here we are trying to send HMRC an S17 “Report of Savings Income”, ie Interest Paid to Savers. 

We refer to their guidelines dated 1st March 2007, which have not been updated, revised or refreshed. 

It states on page 7, Section 1.3 Encrypted Files “HMRC is only able to accept self de-crypting files” which rather defeats the object.

As instructed we contact the HMRC Fujitsu Data Capture Unit in Telford Shropshire to ask if the instructions on the Website are out of date, to be advised no they are still in force.  

If you send an encrypted file, or if the file is not ASCII, UNICODE or EBCDIC, if it has a file extension, eg a password–protected .doc, .xls or .zip, then the file will be rejected, and you will have been deemed not to have supplied the Statutory Return according to schedule, and you will be fined. 

What sensitive personal data is on the S17 file? 

Name, Address, Postal Code, Date of Birth, Place of Birth, Country of Birth, National Insurance Number/TaxPayer Identification Number – oh great for Identity Theft or getting hold of a Birth Certificate then! 

Good old Fujitsu – really ahead of the game! 

Why doesn’t the ICO give them/HMRC 60 days notice as well?


Comments: (0)

Keith Appleyard

Keith Appleyard

IT Consultant

available for hire

Member since

17 Aug 2007



Blog posts




This post is from a series of posts in the group:


A place to share stuff that isn't at all fintec related but is amusing, absurd or scary.

See all

Now hiring