Consumer Groups Warn on Data Security

Consumer groups are calling for tougher protection of data and for consumers to be warned when such data is compromised.

UK data protection rules should be strengthened to stem a rise in identity theft, consumer representatives have said.

The National Consumer Council believes it should be mandatory for businesses to warn people if sensitive personal information is compromised.

In the UK there is currently no requirement to reveal, for example, when a database has been hacked into or computer records have been stolen or lost.

Consumer groups argue that if people are informed they can take preventative action to stop identity theft.

That seems fair enough to me. Perhaps one of the most effective management methods is for people to take charge of their own data; don’t give out more information than the other party actually needs in order to conduct a transaction. This, naturally, means keeping the state out of it, as they want far more than is necessary and, to compound matters, want to put that information on a government database; possibly the most insecure place to keep it. Indeed, not giving any more information to anyone (particularly the government) than they need is a good start.

Identity crime already affects 100,000 people a year in the UK and costs the economy *£1.7 billion.

No it fucking doesn’t. That figure is a lie plucked out of the ether by disingenuous Home Office officials. The closest to an accurate figure is £27m – which isn’t even close to the quoted £1.7bn. I do wish people would stop propagating this lie.

Having said that, more openness about security breaches, giving consumers a chance to stop the theft as quickly as possible, makes sense.

In the US, 34 states have already made it law to reveal breaches affecting identity security.

They took action because millions of people were being put at risk through security lapses by both business *and government.

Forcing the government to come clean when it stuffs up is a novel concept. The Data Protection Act is already in place, but doesn’t cover notification in the event of breaches in security. Ed Mierzwinski, consumer programme director of PIRG (Public Interest Research Group), concurs:

He told the programme: “You’ll need to upgrade even strong data protection acts to give consumers more control over their information so England, France, Germany, all countries should give consumers greater protection [and] notice [of] when companies lose their information.”

I suppose the question that springs to my mind – as someone with libertarian instincts – is this; why should we need laws to force companies (and government) to do what common sense tells them they should be doing anyway as a matter of good practice, that is in their interests as much as that of the consumer?

Or, in plain language; why do we need yet more legislation for people to do the right thing?

*my emphasis

2 Comments

  1. Longrider, you question why laws are needed for data protection.

    I can envisage a simple system where every organisation/person who keeps any data about other people has to notify each of them, once per year or more often, and provide (free of charge) a complete copy of the data held about the individual. Furthermore, the data can only be retained with explicit permission.

    Given such a simple arrangement (probably the minimum necessary for proper protection of personal information), how do we ensure that organisations follow the rules? Unless it is a legal obligation, some organisations will not do so: most reasonably because it costs them money to comply.

    Best regards

  2. I was being somewhat rhetorical – in a perfect world people would do the right thing because it is the right thing; not because they would be prosecuted for not doing it. There is a little bit of the optimist still lurking in my soul…. somewhere.
