When the UK government loses CDs containing name, addresses, date of birth, child benefit and national insurance numbers and bank details relating to 25 million people (40% of the population), we must ask the question whether governments can be trusted with financial information on a large scale.
A comment by a reader of the Times Online underscored the gravity of the problem:
Given the large number of government employees that clearly have access to these databases, if the administration and security systems in place allow for this kind of data to be burned onto an external removable disc, then it is inevitable that such data already has been (or will be) deliberately taken and sold to identity theft fraudsters by a modestly paid, unscrupulous civil servant (it is unfortunately naive to assume everyone is honest).
This is an issue that has largely been addressed in banks and other financial institutions who have historically held our private data, and who have measures in place to prevent such extraction of confidential data.
The idea of a “momentary blunder” or accidental loss seems to miss the real risk.
It is true that the private sector is a little better at handling data, but then the US telecom operators have shown that they are more than happy to part with data to the government even when the government requests the data illegally.
In the Indian context, I am worried about the huge amount of data that is being collected under the tax information network. Moreover, as India makes hesitant moves towards electronic payment systems, there seems to be a great deal of eagerness on the part of everybody including the tax authorities to collect and preserve all the transaction data. If somebody wants to do data mining on a few petabytes of data, that is fine, but who will ensure the safety of all the data? Whom can we sue if the data is lost or stolen?