The Privacy, Identity & Consent Blog

Media attention is shifting away from London Heathrow's new Terminal 5. A backlog of 28,000 bags is being cleared via Milan, and the number of cancelled flights seems to be gradually coming down. But what about the biometric security controls?

HSBC has admitted the loss of a CD containing 370,000 customers' details that were destined for a reinsurer. Apparently the normal network connection was unavailable, so a password-protected CD was burned and bunged in normal Royal Mail post. Of course it never arrived. Sound familiar? What sort of maniac could possibly authorise such an action in light of the publicity around HMRC? Are they dead? Or in a coma? Or have they travelled back in time?

A few days in the stocks for whoever authorised this sounds like an appropriate punishment.

Tony reports that the board of HM Revenue & Customs has been suspended following an external review of last November's loss of child benefit data. Since the incident, three non-exec directors have stepped down, one has resigned and another has moved to a new job. The Chancellor's public statement on the incident and subsequent resignation of HMRC's acting chairman were widely reported. The board will be replaced with an Executive and Advisers Committee pending a reorganisation.

Whilst the incident itself should of course never have been allowed to happen, the subsequent transparency and accountability is very welcome indeed. Finally we see senior executives held to account for privacy breaches. Not so long before, senior civil servants would have been able to shrug off such an incident and blame it on the system / a junior clerk / external suppliers / flawed systems inherited from the previous government* [delete as appropriate]. Hopefully this will put an end to such attitudes, and executives across the public and private sectors will follow HMRC's example by taking privacy seriously.

High-profile online advertising service Phorm is holding an open meeting with its supporters and critics this evening. The meeting will be chaired by Dr Ian Brown, and speakers include Simon Davies, Dr Richard Clayton and Kent Ertegrul, CEO of Phorm.

A meeting of this type is unprecedented: Phorm are taking the stage with critics and supporters alike, and the CEO and CTO will be open to questions from the audience. If you have a criticism of, or interest in, Phorm then you need to be there. It's an open meeting, so anyone can attend. Location details, timings and registration are available here.

Infosecurity starts today, and it will doubtless be the biggest, busiest and boldest conference yet. So why am I feeling rather underwhelmed at the prospect?

At Monday's Enterprise Privacy Group meeting, a debate arose around the value of identity management - and in particular the Identity Metasystem - in the grand scheme of human endeavour. Why do we fret about identity when there are lots of apparently bigger issues out there? But stacked up against climate change, curing cancer and ending world hunger, identity management is a lot more important than you might think.