The inherent value of personal data
November 15th, 2006The information commissioner signalled a crackdown last night on companies that steal and sell sensitive details of people’s private lives after a prosecution exposed the growth in data theft.
This is certain to increase exponentially once State imposed registers are integrated with the proposed National Identity Register.
Richard Thomas, the official privacy watchdog, said he was investigating a number of organisations that have bought personal data such as details of bank accounts, tax returns and mortgage payments.
All this will become trivial when the NIR is implemented and people are coerced into using it to authorise financial transactions, (inter)national travel, access NHS records and the like.
He warned of raids and prosecutions after the conviction yesterday of a husband and wife who made £140,000 a year selling private financial information obtained by deception.
This is value is just for selling data nevermind its further misuse for fraud. Once the NIR is implemented this value will soar as inherently non-revokable biometric information on those who register will become available to those with the contacts/skills.
The Guardian has learned that two of the country’s leading law firms – Mishcon de Reya and Arnold & Porter – were linked to the couple’s scam. The firms deny any knowledge of illegal activity, but confirm they hired private detective agencies to find out information for their clients.
Showing that it will be easy to dupe those companies who legally pay for access to NIR information (in order that the project remains self financing). Once the foot is in the door this information can be used to leverage more and more information which will allow access to the correlated NHS, etc. databases.
The privacy watchdog suspects some big companies are exploiting the trade in personal data, which has been driven by the growth in computer databases and call centres operated by banks, utility companies and government departments.
Mr Thomas wants to widen his investigations to pursue those who buy personal data, as well as those who make a living selling it.
As you can see the activity of personal data theft/trading is directly linked to it being on the databases that are used by organisations ipso facto if you are not on a database your data cannot be stolen. If you do not register on the NIR and refuse to acknowledge it in your private transactions its cancer will not spread to private the databases you may consent to be on. (Incidentally the centralised biometric database should cause serious worries for certain institutions that already rely on privately held biometric authentication devices).
He will also campaign to persuade Lord Falconer, the constitutional affairs minister, to increase penalties. He wants jail terms for data thieves but is opposed by some newspapers, who say it would be a threat to free speech.
“These are serious offences, which are highly damaging to the individuals concerned. People’s personal details ought not to fall into the wrong hands,” Mr Thomas’s office said yesterday.
The wrong hands are anyone’s who would punish you into complying with an inherently damaging system.
A court heard how Sharon and Stephen Anderson had made a career out of bogus phone calls to penetrate the details of people’s bank accounts and tax returns all over the country.
This will be more serious with NIR and linked databases.
In what Mr Thomas has described as a thriving black market in personal information, the pair were hired as sub-contractors by three detective agencies, Carratu International, Fleet Investigations and Keypoint Services, all of which denied knowledge of the couple’s crimes committed on their behalf.
Guardian inquiries reveal that the ultimate clients in yesterday’s case included a Japanese air-conditioning firm, Daikin, and a US insurance company, CNA. Those firms too, say they were unaware illegal methods were being used.
Data theft is an international problem and whilst our government wuld wish otherwise it does not have the international jurisdiction to enforce the safety of its proposed NIR database
The victims of “blagging”, as such bogus calls are known, included David Hughes, former chairman of the collapsed football shirts empire Allsports, and Jon Sanders, a Manchester insurance broker. They were both said to be indignant that their privacy had been invaded.
In the fully-documented society no one will be safe, people such as those above will carry out business from abroad and most likely emigrate once the stupidity of NIR and it’s invasiveness into daily affairs is fully comprehended.
At Huntingdon magistrates court yesterday, where the Andersons pleaded guilty to breaching the Data Protection Acts and were ordered to pay £14,800 in fines and costs, their lawyer said their firm, based in St Ives, Cambridgeshire, was purely devoted to commercial disputes. They denied ever acting for warring spouses or newspapers on what they said were “ethical” grounds.
But Phil Taylor, prosecuting for the information commissioner, said: “People have the right to feel their information is safe and secure”. He told the magistrates: “There is a real risk information can be used for sinister purposes.” Bogus callers could be used to extract personal information from databases on behalf of criminals, or to intimidate witnesses.
Quite, and with interlinked databases and non-essential demands for NIR authentication or other ways of gleaning biometric information (set up a night club and get fingerprinting?) it is likely most person’s could be gleaned remotely.