It was the most highly publicised data breach of all time. And when details of the loss by HM Revenue and Customs (HMRC) of 25 million UK citizens’ personal data emerged in November 2007, it was not long before the nation’s attention turned to the Government’s controversial proposals for a national identity card.
Up to 25 million Britons now face worries that their bank details could fall into criminal hands, after two HMRC disks containing their details were lost in the post. So does data loss on that scale demonstrate that the state should not attempt to store large volumes of personal data? Or does it actually demonstrate that citizens need the security that a biometric ID card would bring?
Under the current ID card proposals, the UK Government would store an unprecedented volume of sensitive personal information – and given its reputation on protecting data, those plans need rethinking, insists George Osborne, the shadow Chancellor. The child benefit scandal should be the “final blow” for the national ID card scheme, he says: “They simply cannot be trusted with people’s personal details.”
Conversely, Government officials believe that the mistakes that led to the HMRC’s data breach underscore the need for a national ID system. Home Secretary Jacqui Smith argues that the identity system will make ID fraud harder by enforcing dual authentication of biographic details – similar to those lost by HMRC – with biometric data. The biographic and biometric data will be stored in separate databases. “It is an increased protection even against times when people’s biographic details are actually stolen or lost,” argues Smith.
Many business leaders will recognise the ‘chicken and egg’ dilemma facing the Government. It insists the ID card is central to plans for offering better public services, yet there may be reluctance to hand over additional information when its track record on data protection is seemingly so lamentable.
The experts' response…
Identity and Passport Service chief executive James Hall says that biometric authentication will ensure the protection of citizens’ personal data
The National Identity Register is not yet in place, so we will draw on any lessons to be learned from the HMRC incident, for example, by ensuring that a failure by a single individual could not lead to data loss. The Register will only hold core identity information, not tax, benefit or other financial records. The whole scheme will be fully security accredited, and an independent scheme commissioner will oversee its operation in addition to the role played by the Information Commissioner.
Peter Bradwell of political research house Demos believes the HMRC fiasco has undermined public trust in the ID card
The Government is not in a position to move ahead with ID cards; the HMRC scandal has revealed that. It doesn’t seem to be applying the same rigour as private businesses in handling private data, and it hasn’t got close to having an open, public debate about the topic. We shouldn’t forget that there are benefits to Government information sharing, but perception of trust is incredibly important. The Government has not made the case that ID cards would help protect individuals’ identity effectively enough.
Little faith in ID safeguards Internet banking and retailing could easily be sacrificed for identity protection.