You might think your personal data is safe, secured under computerised lock and key, and fenced by the Data Protection Act with its sanctions against release of private data. Especially, surely, that which the government holds.The reality is that everything has its price. Last month, the Information Commissioner’s Office (ICO), the state-funded watchdog for personal data, published a report, What Price Privacy?. The title’s question was answered with a price list of public-sector data: £17.50 for the address of someone who is on the electoral register but has opted out of the freely available edited version; £150 to £200 for a vehicle record held by the Driver and Vehicle Licensing Agency; £500 for access to a criminal record. The private sector also leaks: £75 buys the address associated with a mobile phone number, and £750 will get the account details.

These were the prices charged by private investigators caught by the ICO and police. Their clients included insurers, creditors and criminals trying to influence jurors, witnesses or legal personnel. Newspapers were a big source of business: the ICO says it knows the names of 305 journalists who have used such investigators.

The investigators obtained the data from corrupt insiders or via “blaggers” who impersonated officials and others to obtain personal information, often gathering an apparently unimportant fact, such as a mother’s maiden name, in one phone call in order to get a much more important one in the next.

In the report, the ICO called for prison sentences of up to two years for the illegal buying and selling of personal information. The maximum fine is £5,000, and courts often impose much less. “The fine is no deterrent to them,” says Jonathan Bamford, assistant information commissioner. One investigator used by local authorities as well as finance firms to find debtors was invoicing £120,000 a month. “People make so much money, they can get a fine and drive away from court in their Porsche,” says Bamford. The Department for Constitutional Affairs says it is reviewing the sentencing tariff. […]

Patient records

In the absence of tougher laws, the ICO sees the potential for much worse. “The government’s plans for increasingly joined-up and e-enabled public-sector working make the change even more urgent,” the report says. Medical professionals are already concerned about the risks of electronic patient records, which they think will be unpopular with patients who are uneasy about other sectors of government getting at them (see ‘Doctors voice concern over patient records’, below).

Indeed, the government has been playing fast and loose with some people’s data, according to a European court of justice ruling at the end of last month. The court said the 2004 deal between the EU and the US, under which airlines had to provide data about passengers travelling to the US, was unlawful because it breaches privacy rules. As a Guardian investigation last month (http://tinyurl.com/gxx5l) showed, the data sent as a result of that law means a discarded airline ticket stub can be enough to carry out identity theft.

But sometimes the problem lies inside government departments. In January, it emerged that the identity details of 8,800 Network Rail staff – who are civil servants – were stolen in 2003-04 and used to make fraudulent online claims for tax credits, costing the government millions of pounds. Alarmed at the rising levels of fraud through the online service, the government shut it last December.

Such examples are not encouraging about the government’s ability to protect or police the valuable data about us. Yet more is to come in the government’s largest project, which will join all the data about us and put it in a single place – creating a unique description of each of us for every government department. Enrolment on the National Identity Register, to be established by the Home Office under the recently passed Identity Cards Act, will, from 2008, be compulsory when renewing a passport – and compulsory for everyone some time after the next election (due by 2010), if the next government backs it.

The register can include a wide range of personal data, an audit trail of where and when the entry has been accessed, and reference numbers for other systems, including national insurance, driving licence and passport numbers, allowing for substantial joining-up.

The act imposes prison sentences of up to two years for those who illegally disclose information from the register. The ICO – which has reservations about other aspects of the scheme – takes this as its model for all illegal use of personal data.

But Phil Booth, national coordinator for the campaign group No2ID (www.no2id.net), says a two-year sentence will not deter criminals wanting to reach and influence jurors. “The problem is having all that data in one place, so it becomes trivially easy to compromise the system,” he says. He compares personal identity to the Titanic: “They are talking about linking all the watertight compartments, so if one is holed, you go to the bottom of the sea.” […]

http://technology.guardian.co.uk/weekly/story/0,,1792102,00.html 

My emphasis.

Hmmmmm. This is an interesting article. We already know about how the NIR could be abused, so I wont go into that aspect.

The structure of this piece is rather familiar. Do you know what I am talking about?

It is also interesting that the Guardian is using Tinyurl in the body of its articles; no, I didnt put it there, its actually on the site!

This article shows that someone is starting to understand the true nature of the NIR, and why it is being created. Your personal data is literally valuable in the money sense.

I have said before that your data belongs to you and is your real property. Furthermore it should not be sold collected or transferred without your permission and a royalty being payed to you.

Imagine getting a %60 royalty every time someone sells your name, address or other details? Every time you get junk mail, you would be paid! But I digress.

What this article fails to do is to turn the subject around and say, ‘you should not do this on any account’. This is as important as a subject can get, and in a circumstance like this, a firm stance needs to be taken to avoid disaster.

This entry was posted on Friday, June 9th, 2006 at 8:55 am and is filed under NIR.