This blog posting represents the views of the author, David Fosberry. Those opinions may change over time. They do not constitute an expert legal or financial opinion.

Who Can We Trust With Our Data?

Posted on 3rd November 2015

The latest drama in the hacking saga, this time at Vodafone in the UK, really makes me wonder if anyone can be trusted with our confidential data.

The most recent hack in the news was of Vodafone UK, as reported by the BBC here: details of around 2,000 Vodafone customers were accessed. Before that there was TalkTalk (the latest BBC report is here), where hackers accessed around 1.2 million email addresses, names and phone numbers and 21,000 unique bank account details. At the beginning of October, hackers stole personal information on about 15 million T-Mobile US customers and applicants, as described in this BBC news story. Almost two years ago, payment details from up to 40 million credit cards were stolen through a hack of card payment machines in the stores of US retail giant Target (described in this BBC report). Remember, these are just a few examples (a lot of hacks do not get reported, especially when the targets are banks). So clearly, we cannot trust the companies with which we do business to keep data about us safe.

We ought to be able to trust our governments to keep our data safe (especially as they are hoovering up data, both legally and illegally, like it's going out of style), but no, it seems that we can't. This BBC report is just one of a series about a data breach in April this year at the US Office of Personnel Management (OPM): initial reports were that data about 4 million people were stolen; more recent reports are saying it is 21 million (which is 6.5% of the nation's population!). More recently there was a hack, purportedly by Anonymous, of the US Census Bureau in which hackers pulled down information on thousands of users, including email addresses, phone numbers, addresses, usernames and password hashes (i.e. encrypted passwords). The data includes information on Census and other federal employees, as well as members of organizations with user accounts for submitting audits to the site.

It really seems that no-one is able to keep data about us safe.

This inability to ensure data security just adds to the concerns (due to issues of privacy and censorship) that are regularly voiced about data collection in the modern world. One recent example, described in this BBC story, is that the former head of GCHQ (the UK equivalent of the NSA) has said that "Internet firms" (by which I assume he means Internet Service Providers - ISPs) should be forced (by legislation) to keep users' data. Another example is the ongoing story about Facebook and the Safe Harbour Agreement (an international agreement that recognised foreign and private data protection processes as "good enough" to meet European data protection standards), reported here by the BBC; the Safe Harbour Agreement was ruled invalid in early October 2015 by the European Court of Justice, clearing the way for Facebook to be taken to court for sharing personal data internationally. There are two separate issues with both cases: these firms should not, in principle, be collecting such data about anyone without just cause, and most certainly not when it cannot be guaranteed to be kept securely.

Since I work in IT, I do understand that there is no system which is 100% secure, but the ease and speed with which some of the recent hacks have been achieved means that basic efforts are not being made. The degree of protection that is afforded our private data does not meet my basic Terms and Conditions. Either do better, or stop keeping so much data about us.