Unsafe HMRC data put investments of £60bn at risk

The trade body representing individual savings account (Isa) and personal
equity plan (Pep) managers has written to
HM Revenue & Customs
(HMRC), calling for tighter security as a matter of urgency, after learning HMRC
requires data discs to be unencrypted.

Richard Saunders,
Investment Management
(IMA) chief executive, told The Daily Telegraph he was
still waiting for a reply from HMRC to a letter he wrote a week ago to Dave
Hartnett, HMRC chairman, stating: ‘There have been at least two recent instances
where data has been compromised, one of which involved Pep and Isa data
belonging to a number of firms.’

HMRC requires fund managers to submit details every year of all investors’
names, addresses, dates of birth, national insurance numbers and the amounts
each invested in Isas and Peps, with the aim to prevent investors exceeding
limits on Isa and Pep tax shelters.

But fund managers are alarmed HMRC requires this data to be delivered in an
unencrypted extended binary coded decimal interchange code (EBCDIC) or American
standard code for information interchange (ASCII) text format.

Further reading:

Under half of IT managers using encryption

story in The Daily Telegraph

Related reading