Somewhat predictably, the “privacy” lobby1 has been taking advantage of the increased publicity after the recent H.M. Revenue & Customs debacle.
However, the entire debate is marred by the fact that all of the people shouting the loudest are completely missing the point.
The problem is not really that HMRC has just lost 25 million sets of personal details. That’s very careless of them, of course, and it’s quite right that they should be chastised for it. But that isn’t really the problem.
The problem is that the Government, the banks, building societies, lenders and credit reference agencies use your personal details as an identifier for you, without authentication of any sort. If it weren’t possible to take out a loan in someone else’s name just by knowing a few personal details, the loss of data from HMRC would be incompetent, but largely inconsequential.
The right fix is not to enact new and even sillier laws to “protect” our personal data—to do that would be to treat the symptom, not the cause. The right fix is to close the loophole that is being exploited by so-called identity thieves2. And the loophole is the fact that the Government doesn’t issue us with a decent identity mechanism that can be positively authenticated3.
The sad thing about this entire affair is that identity cards, done right, would solve this problem in a fairly satisfactory manner, and without posing any real risk of loss of privacy.