I notice that Jeremy Clarkson has had his arse handed to him after ridiculing the uproar that occurred following the HMRC’s loss of CDs containing the personal information of 25 million Britons.
First came his effort in The Sun:
Clarkson published details of his Barclays account in the Sun newspaper, including his account number and sort code. He even told people how to find out his address.
“All you’ll be able to do with them is put money into my account. Not take it out. Honestly, I’ve never known such a palaver about nothing,” he told readers.
Then came his retraction in The Times (owned, like The Sun, by News Corp.):
“I opened my bank statement this morning to find out that someone has set up a direct debit which automatically takes £500 from my account,” he said.
“The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again.
“I was wrong and I have been punished for my mistake.”
“Contrary to what I said at the time, we must go after the idiots who lost the discs and stick cocktail sticks in their eyes until they beg for mercy.”
It’s certainly tempting to laugh at Clarkson and even feel smug about it, but that helps nobody. I attended a lecture last year by Bruce Schneier (this one, to be exact. LSE has released a video of the event here) on the economics of information security and the topic of identity theft (obviously) came up. His take, which I couldn’t agree more with, is that personal information security will not improve until appropriate incentives are put in place. In particular, those responsible for permitting a fraud to occur should be required to bear the full cost of that fraud.
Barclays (Clarkson’s bank) ought to be required, by law, to repay Clarkson his money but not get it back from the charity that it was paid to. You better believe that their security checks would be improved, and fast.
Side note: Yes, it was also Barclays that I was speaking about the last time I wrote about identity theft.
Update: It would appear that Mr Clarkson is indeed entitled to get his money back. That doesn’t make my point less valid. There are plenty of things that someone with your information can do that you can’t get cleaned up, at least not with a huge amount of trouble. They might try to take out a loan in your name, which affects your credit rating no matter whether it’s successful. They might try to get a passport with your name and their photo on it. They might do something that puts your name on the TSA’s no-fly list, meaning that you get detained at any US airport.