The Daily Mail article also reminded me of a conversation after an "awareness" event. I was asked to consider a similar exercise for silver surfers by an organisation whose high-value clients were being targeted by fraudsters who had all the information necessary for successful impersonations. They did not know if the problem was shared or peculiar to them. It was too commercially sensitive to talk with their competitors and they could find no leak or breach. Was it someone in their supply chain? Was it a common problem: e.g. a fake "Cruises'Rus" website to harvest the details and preferences of high-value silver surfers? They did not subsequently offer to help with funding, so I filed the conversation away.
Yesterday I was drafting a possible call for reform of the EU approach to Data Protection, Electronic Identities and Information Security. One of the high-level recommendations was:
· "Regulation should focus less on what is stored (given the many requirements of consumer protection regulators and others to retain that which is not required for business purposes) and more on who has access, under what conditions and how that right of access is checked and exercised."
We should never forget that what is retained for regulatory, not business, reasons is a potential honey pot for fraudsters.