About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« The Tr* scheme | Main | Live from London »

The great data disaster of 2007

By davebirch posted Nov 21 2007 at 7:54 AM
[Dave Birch] Half way through the Digital Identity Forum yesterday, the session chair announced (hot from his Blackberry) that the British government -- specifically, the Child Benefit Agency -- has lost the personal details of every parent in the country and as a result someone has resigned. I haven't had the energy to try and figure out why on Earth in 2007 government departments would be posting CDs to each other rather than using PGP or S/MIME on the interweb, but there you go. Anyway, by this morning there was an identity theft media frenzy never before witnessed in our green and pleasant land. I woke up to breakfast TV in the hotel and every channel was leading with the story. I've just seen the Chancellor of the Exchequer being interviewed on Sky and I actually felt sorry for him: some of the questions were ridiculous (eg, won't the fraudsters wait a few years before they obtain credit cards in our children's names). For a more measured response, see here: Forum friend Ian Brown was whisked away from the Digital Identity Pub Quiz to appear on BBC's Newsnight.

Technorati Tags:

I'm not panicing, of course. For one thing, the government has set up helpline (0845 302 1444). Phew! For another, any dedicated identity fraudster desperate to get hold of Child Benefit Records would have done so already and the chances of them having been stolen by opportunistic identity thieves is (to my mind) slim. If I were a betting man, which I'm not, I'd bet that the missing CDs are down the back of the metaphorical sofa somewhere. This is not to minimise the issue: personal details shouldn't be being passed around in the clear. But the chances of anyone being a victim of identity theft because of this kind of data breach (if it was a data breach), frankly negligible. The biggest victim, in my opinion, will be the UK's national identity card that is just about to go to procurement: I imagine their press office will be busy today.

Some background for our foreign visitors: for reasons not entirely clear to me, the British government sends you cash every week if you have children. This is called Child Benefit. In order to waste as much money as possible, instead of simply raising the tax threshold for me and my good lady wife, the government takes the money away from me each month and then sends most of it back to my bank account via the Child Benefit Agency, which is part of Her Majesty's Revenue and Customs. It was a junior person at the Agency who took all of the records, put them on two CDs and posted them to oblivion.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]


TrackBack URL for this entry:

Listed below are links to weblogs that reference The great data disaster of 2007:


Hi Dave, have posted more on this on my blog. The crux for me is this:

The issue is for other people's security systems not for me! For example - someone could apply for a credit card or some such with 'my' details. Great. They could apply for it. Not me. They are responsible for any bill racked up on it. Not me. So the problem is for the system which makes knowledge of a few social details about me its dirty big key. They are making a few social details equivalent to my identity. Mistake.

David, if someone does apply for a credit card with your details, the chances are that they won't pay the bill and it will be you that will be chased for payment. Ultimately you probably won't have to pay either but you will face the hassle factor of proving that it wasn't you and sorting out the damage to your credit rating. Sure, you still have your identity and the bank or credit card company will be landed with the bill but you still end up with a problem, if only one of inconvenience.

The comments to this entry are closed.