Sunday, November 25, 2007

Post Childbenefitgate - Facebook is still bad for your wealth

While the world continues to fail to comprehend how a government could casually lose the personal data of half its population by putting a DISC in the POST , my colleague Ian Brown (Blogzilla) is right to note that personal data is still just as likely to be compromised by commercial actors as government departments. And we- especially the younger part of our population - just keep giving the stuff away.

In particular the ICO has just issued a warning about the dangers for youth of giving away personal data which might well be used for identity theft on sites like MySpace, Facebook, etc.

"As many as four and a half million* young people (71%) would not want a
college, university or potential employer to conduct an internet search on
them unless they could first remove content from social networking sites,
according to new research by the Information Commissioner’s Office (ICO).
But almost six in 10 have never considered that what they put online now
might be permanent and could be accessed years into the future.

The research findings are unveiled as the ICO launches a new website at to help young people understand their
information rights. The first section contains tips and advice on safe social

As well as not thinking ahead before posting information on the web, the
survey of Britons aged 14-21** also revealed that youngsters’ online
behaviour is a gift to potential fraudsters. Two thirds (eight in 10 girls aged 16-
17) accept people they don’t know as ‘friends’ on social networking sites and
over half leave parts of their profile public specifically to attract new people.
More than seven in 10 are not concerned that their personal profile can be
viewed by strangers and 7% don’t think privacy settings are important and
actively want everyone to see their full profile. "

Meanwhile, back at governmental data leaks, it's worth noting that the ICO was hastily given "stop and search" powers by Gordon Brown to audit government departments dealing with personal data in the immediate wake of Childbenefitgate.

But this really just isn't good enough. We desperately need decent penalty powers for the ICO - the current enforcement notice procedure is simply not adequate - but more than that, we also need mandatory security breach notification, the very measure which was strongly recommended by the House of Lords Personal Internet Security Report, and then rejected by the Government only weeks ago as completely unnecessary. And Richard Thomas, quite rightly, is calling for security breaches of this magnitude to be made a criminal offense.

No comments: