Paul Toal, Principal Architect for a UK based IT security company, has posted one that makes the mind churn: 

Not long ago I was on a night out with some work friends. As is customary on these nights out, we ended up at a casino. Don't get me wrong, I aren't a hardened gambler. I only go to eat the free sandwiches and spend my £20 spending money :-)

However, back to the story. This particular casino was not one that I had been to before and as a result I wasn't a member. “No problem” I was told by the lady behind the counter. Your friend who is a member can sign you in as a guest. I was asked if I wanted to join and politely (and drunkenly) declined. “We need some identification. Can I have your driving licence?” said the lady. Dutifully I handed it over expecting her to have a quick glance and pass it back.

However, instead of the courteous check, off she trotted to the back room with my licence. A few minutes later, back she came and gave me my licence back with absolutely no explanation of where she had been. Upon asking her, I was told that she had taken a scan of my licence and would retain it on record.

In my slightly inebriated state I thought nothing of it. However, the next day, after the hangover had subsided, this started to bother me.

1) How do I know what they are going to do with that?

2) How long are they going to retain my information?

3) Who within their organisation has access to that information?

Since my licence is a trusted proof of identity, it worries me that it is kept on file at some casino. In the UK we have the Data Protection Act 1998 which protects against misuse of personal data but how do I know that this is adhered to within this casino.

At one time or another I think we have all been guilty of handing over our personal information without too much regard as to what the person requesting it is going to do with it. In that one transaction alone, I broke at least the first 3 laws of Kim Cameron's 7 laws of Identity!!

I don't want to give anything away by appearing to be too much of an expert on European casinos, but the experience Paul describes is not wholly unknown to me – except it was my Passport that was whisked away.  From conversations I have had during some quintessentially bizarre and momentary winning streaks, I think Paul would be surprised at the kind of international databases that are maintained. And it would be really fascinating to see how, for example, the European privacy legislation has impacted the Casino Royale – or the local hotel.  Can anyone tell us?

Meanwhile, I wonder if there is some blood alcohol level after which informed consent no longer applies? 

Published by

Kim Cameron

Work on identity.


  1. Pingback: Here, Now
  2. Pingback: Emergent Chaos
  3. Pingback: Anna Liu's Weblog
  4. Pingback: IEBlog

Comments are closed.