Page last updated at 10:18 GMT, Friday, 2 May 2008 11:18 UK

Have Your Say: Identity theft precautions

Jeremy Clarkson did not take the threat of ID theft seriously till stung
Many financial services companies are still doing too little to protect their customers' personal details, according to reports by three organisations this week.

The Financial Services Authority says many firms do not take seriously the threat of data they hold being stolen and used for crimes like identity theft.

And the Information Commissioner's Office has revealed financial firms were involved in half of all recent serious data breaches affecting companies in the UK.

Do you think companies are taking enough care of our details?

Perhaps a company lost your personal data - were you compensated or reassured?

Or maybe you are responsible for keeping customers' private information secure.

Are you an IT professional with experience of encryption?

We asked for your comments - a selection of which are below. The debate is now closed.

There is no excuse for not protecting customer data. The tools and technology are available to encrypt data automatically so that it is invisible to staff working with the data. This means that it doesn't impede work and ensures that people don't forget to encrypt files. More often than not it comes down to budget. Companies have been reluctant to invest the money in protecting data, as until recently the business benefits have not been clear. A security breach along the lines of those seen in the press recently significantly harms an organisation's reputation.
Dr. Bernard Parsons, London

I have just been notified that HSBC have posted out a disc weeks ago, and my details were on the disc, and it has gone "missing". I did read the press close to when it happened, and it surprised me that HSBC had not been in touch. I wonder; if the press hadn't got hold of the information, would HSBC have contacted me at all? I trust HSBC to keep my information safe - and pay them extremely well to keep my information safe. I think it's even more important for HSBC to keep my details safe than my doctor. Obviously in light of this huge mishap, I have really lost confidence in my bank - and it isn't just my bank; it's my insurer, my retirement provider and executor.
Nathan, Leeds

It would certainly sharpen up the practices of organisations if the people whose details are compromised could claim compensation from the offending company. Surely, personal data should be carefully protected by the holder(s), and its loss treated as gross negligence on their part.
Mr A. Cooper, Teesside

Speaking for a UK digital forensic company we are too often called in after an incident has taken place because many organisations are failing to have adequate protection from all threats that face a business. Today's threats range from external hackers to the internal threat that has only just recently been labelled, however it has been around since the start of human life. Internal threats can range from malicious to simple user mistakes and companies need appropriate measures in place to ensure their data is protected at all levels. For example, enforce policies to protect data, encrypt data automatically when leaving the organisation, produce extensive audit trails and educate the user much more. Without turning this into a sales pitch I simply want to point out that there are systems out there to assist and prevent data loss so organisations have no excuse. They simply need to research new systems and procedures. I personally feel the media also need to identify these systems rather than just notify the public on the issues and results of data loss. If appropriate media light was given to such products then organizations would be aware of these high level information security systems.
Martin, Normanton

There needs to be a simple, but upheaving change in the way data is kept. Remove it from central databases and let individuals keep it themselves. How? On a smartcard. Technology today would allow everyone to keep all of their data (bank, health, ID, licences, etc) on a single card. When contacting any authority, simply present your card to enable any transaction. This is what the government ID card scheme should be about.
Antony Watts, Palma, Mallorca

I recently bought a Sudoku book from a national newspaper and hence told them my details. At no stage did I agree to my data being used externally, but they still included it on a CD and sold it to a general insurance company. When the salesman called me, he was very reasonable and rightly unhappy about the data. After all, he thought he was calling people who wanted to be phoned. There's no way of keeping our data safe when it is handed around in such a cavalier way. Our data should be our own intellectual property and only passed to third parties if we agree in writing.
Chris Grey, Guildford

I'm an IT expert. The banks should have a customer password that identifies them to their customers when they call or use their website. That way customers can be confident they are actually talking to their bank. The cost of this would be fairly minimal and would stop some telephone and web fraud overnight.
Jonathan, Southport

Companies should not be trusted with our data, citizens should assume responsibility for it themselves. Aggressive enforcement of data protection laws would improve matters but does not defend against all mass repositories of sensitive data being the natural target of the criminal. No security system is perfect. These databases will be hacked, sooner rather than later. A better defence model is to not store the data centrally. If an individual's security is compromised then only one person's data is exposed. It is hardly worth the effort of cracking 25 million systems. Secure information pertaining to a customer's dealings with a company should be stored on the hard drive of the customer's own computer. Storage and transport can be encrypted and secure home systems can be made commonplace.
Steve Smethurst, Manchester

I feel that my mortgage lender is being quite irresponsible. When there is an interest rate change, they send me a letter to inform me of this, stating how much my new payments will be, which also states when it will be collected from my bank account, and goes on to give my sort code and account number. Surely it is not necessary to send all this information through the post. Anyone intercepting this letter will get my full name and address, mortgage account number, bank account number and sort code (identifying my branch). They could at least * out all but the last three digits of my account number, as is common practice on most shop till receipts for card transactions.
C Reeve, Lincoln

I recently received bank statements - the envelopes were not properly sealed so that the contents were open to all to view. When we are being encouraged to keep our data secure why do the banks send sensitive data through the post without appropriate attention to safeguarding our data? When I reported the facts to the savings bank I received financial compensation - perhaps more people should voice their dissatisfaction with the poor service we receive.
E Bradford, Newcastle upon Tyne

Has no one noticed the Kafkaesque absurdity of the million pound fine levied on Nationwide by the FSA? Nationwide is a mutual, it is owned by its customers, (I am one). My data was presumably stolen too. So the mutual is fined a million. Who loses? We, the members do. Not the directors. Why should the victims of a crime be punished for it?
Tony Peterson, Kendal

OK, so the regulator is going to get tough with companies which lose our data. What does he propose to do about government departments who do the same thing?
Derek Winslow, Weston-super-Mare

Sorry... Have I missed something, but shouldn't having data protection systems and encryption functions be a pre-requisite to doing business? Isn't the firm that doesn't have this in place actually committing an offence... i.e. by promising protection but failing to secure that? Part of the terms of business of any bank or financial institution is assurance on these matters. If that is contravened, that in itself is criminal in my book and I thought, that of the legislators? What is going on? This is criminal activity and yet again the FSA seems only to be interested in the cases that come to the fore because they are "found out". The focus is on punishment if data is lost but if you don't punish for lack of protection then how can we ever know what is lost? What has been cleverly stolen or copied through IT hacking, etc?
Catherine, Rutland

Identity theft does not exist. Surely what really happens is that banks give loans or pay funds to someone who is not the real customer. By calling it "identity theft" they are making it our problem to hide the fact that what has actually happened is that they have made an error.
A J Maple

The comments we publish are not necessarily the views of the BBC but will reflect the balance of views we have received. It is helpful if contributors state if they work for any organisation relevant to an issue discussed. Readers should form their own views on whether messages published represent undeclared interests, or views prompted by a common source.
