Here is more context on the HMRC identity catastrophe.
According to Terri Dowty, Director of Action on Rights for Children (ARCH):
“This appalling security lapse has placed children in the UK in immediate danger especially those who are already vulnerable. Child Benefit records contain every child’s address and date of birth [italics mine – Kim]. We are not surprised that the Chair of HMRC’s Board has resigned immediately.”
Last year Terri Dowty co-authored a report for the British Information Commissioner which highlighted the risks to children’s safety of the government’s policy of creating large, centralised databases containing sensitive information about children. But he says the government chose to dismiss the concerns of the report's authors.
Dowty's experience is a clear instance of my thesis that reduction of identity leakage is still not considered to be a “must-have” rather than a “nice-to-have”.
“The government has recently passed regulations allowing them to build databases containing details of every child in England. They have also announced an intention to create a second national database containing the in-depth personal profiles of children using services. They have batted all constructive criticism away, and repeatedly stressed that children’s data is safe in their hands.
“The events of today demonstrate that this is simply not the case, and all of our concerns for children’s safety are fully justified.”
The report ‘Children’s Databases: Safety and Privacy’ can be downloaded here.
Today the “inconvenient” input of people like Terry Dowty is often dismissed – much the way other security concerns used to be – until computer systems began to fall under the weight of internet and insider attacks…
I urge fellow architects, IT leaders, policy thinkers and technologically aware politicians to consider very seriously the advice of advocates like Terry Dowty. We can deeply benefit from building safe and privacy-enhancing systems that are secure enough to withstand attack and procedural error. Let's work together to translate this thinking to those who are less technical. We need to explain that all the functionality required for government and business can be provided in ways that enhance privacy, rather than diminish it or set society up for failure.
