First published: 21st October 2009
At the end of the UK's National Identity Fraud Prevention Week, Sophos researchers Graham Cluley and Carole Theriault took to the streets of Bristol with a TV camera to find out how willing people were to divulge personal information. Most were willing to provide name, date of birth and email address. Then came the key question:
Would you give your personal identifiable information to a complete stranger?
With answers ranging from:
What, like I just did now? Obviously, yes I will.
To the rather less aware:
Although the angle presented is identity fraud, considering the current Review of the Personal Data (Privacy) Ordinance in Hong Kong, there are a lot of wider questions to ask:
- Why are organisations using non-secret information - such as ID card number, date of birth, and mother's maiden name, for authentication? Should organisations that do this be held financially responsible for the resulting identity fraud?
- We are highly social creatures that depend on myriad relationships in different contexts, is it feasible to restrict the flow of our identities?