Unencrypted investor data sent to Revenue and Customs in the post

HM Revenue and Customs is emrboiled in another row over data security amid claims by the Investment Management Association that the UK government department is unable to handle encrypted data tapes relating to investor returns.

  0 Be the first to comment

Unencrypted investor data sent to Revenue and Customs in the post

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Despite the recent disappearance of two computers disks containing information on 25 million child benefit claimants, fund managers are still required to send data - including names, addresses, dates of birth and National Insurance numbers - on an unencrypted floppy disc by post or other carrier, at the request of HMRC.

Richard Saunders, chief executive of trade body The Investment Management Association (IMA), told reporters that it is thought that the HMRC does not have systems in place to deal with the information in encrypted form.

The IMA says Saunders has written to David Hartnett, the new chairman of HMRC, calling for immediate action to tighten security.

"The IMA is asking HMRC to come up with new ways of sending the data so the individuals' details are not compromised," says the IMA in a statement. "There must be ways of doing this that are not onerous on the Revenue."

A spokeswoman for HMRC told reporters that encrypting the data would be a "recipe for chaos" as the Revenue would receive information from thousands of different financial institutions using different coding programs.

The chairman of HMRC Paul Gray resigned following the disclosure last month that computer discs containing the confidential information - including bank account details - of all 25 million child benefit recipients in the UK had been lost by HMRC.

The two password-protected discs, which contained a full copy of HMRC's entire data in relation to the payment of the child benefit went missing while in transit from HMRC's headquarters in Washington, Tyne and Wear to the National Audit Office (NAO) in London in October.

The incident was the third security breach involving HMRC this year. Earlier in November it was revealed that a CD containing confidential data for around 15,000 Standard Life customers had gone missing while in transit from HMRC to the insurer's headquarters in Edinburgh.

That followed an earlier incident in October when the HMRC reported that a laptop had been stolen containing data on up to 2000 people with investment ISAs. According to press reports a HMRC staff member had been using the PC for a routine audit of tax information from a number of investment firms.

Sponsored [New Report] The Future of Payments 2025 – Digital, instant, profitable?

Related Company

Keywords

Comments: (0)

[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming MandatesFinextra Promoted[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming Mandates