Gallery

Who's the biggest threat to your identity? You.

Posted on 18 Apr 2007 at 11:05

A simple safeguard strategy is to employ software such as the freely available McAfee SiteAdvisor (www.siteadvisor.com), which integrates with your web browser to provide an at-a-glance safety rating of the sites you visit. In fact, by linking into Google it will warn you of dangers straight from search results, even before you click that link. The SiteAdvisor will warn if your info is shared, and if the site has links to other unscrupulous sites, for example. It isn't foolproof by any means, but remains a worthy front-line weapon.

And what should you look for in a site that's inviting you to divulge personal data? "A verifiable registered address, incorporation details, a phone number you can ring, and a company/website located in a country with an adequate legal system," according to Geoff Sweeney, chief technology officer at behavioural intelligence and threat management company Tier-3. A privacy statement that spells out how your data is used and protected is another indication that a company might, at least, have considered such matters.

Unnecessary risks

It's clear that people don't take online data disclosure as seriously as they do offline. Whereas in the real world there are times when we're all obligated to supply personal information in order to obtain a passport or apply for a job, on the internet we give it all up in the hope of being able to email someone we didn't much like at school. "Privacy and identity are becoming opaque," concludes Brian Contos, chief security officer at enterprise security management vendors ArcSight, and an expert in information risk management. "While most people agree that privacy is important, more are sharing otherwise private information by choice because doing so affords them some benefit, such as convenience or entertainment. There's even some apathy; with the threat of identity theft being seen as just another form of risk associated with living in the 21st century, like traffic and pollution." But perhaps we should leave the last word with Greene: "If you don't accept responsibility for your own data and security, it's like pinning your personal details to a lamp post and hoping no-one will read them."

What data do they hold?

A simple search will reveal what information is accessible about you at sites such as MySpace, Friends Reunited and Google. But is there an easy way to find out what information is being held about you by online companies that don't make the data publically accessible but, nonetheless, may share it with other companies that do? The answer is yes, but it isn't simple, reliable or cheap.

Companies are legally obliged to disclose this information upon written request (or "subject access request") under the Data Protection Act, but they can also charge a fee of up to £10, and so it soon becomes prohibitive to take this route for anything other than an occasional request. The DPA is rather toothless legislation. It bans the collation of excessive personal data, but nobody knows what data is held on them without spending time and money trying to find out. And just what is "excessive" anyway? "I'm not aware of any firms having been prosecuted for gathering internet data," Computer Associates' Steven Cox told us. "There's little chance of this happening, because the sort of company that would gather information in this way will put itself out of the legal jurisdiction."