Monday, 3 December 2007

Heads in The Sand

HMRC Heads in The Sand
Much like ostriches with their heads in the sand, the people "in charge" of HMRC are refusing to learn the lessons of the recent shambolic loss of data and are still using the post to transfer people's personal details.

The Telegraph reports that details of 9 million people's investments (worth £60BN) are being sent insecurely through the post, because HMRC requires these discs to be unencrypted.

HMRC requires fund managers to submit details every year of all investors' names, addresses, dates of birth, National Insurance numbers and the amount each individual has invested in Isas and Peps.

So far so good.

However, HMRC stipulates that this data must be delivered in an unencrypted extended binary coded decimal interchange code (EBCDIC), or American standard code for information interchange (ASCII) text format.

Why does HMRC make such a stipulation?

Richard Saunders, chief executive of the Investment Management Association (IMA), believes that he has the answer:

"I assume this is because HMRC does not have systems to cope with this information in encrypted form and it may cost more for it to have systems that cope with secure data."

Mr Saunders has written to David Hartnett, chairman of HMRC, asking for this practice to be stopped. He awaits a response.

A spokesman for HMRC said:

"Sorry, we are not commenting as this falls under the terms of reference of the Poynter review."

So that's alright then!

They just don't get this security issue do they?

www.hmrcisshite.com is brought to you by www.kenfrost.com "The Living Brand"

No comments:

Post a Comment