Confidentiality doesn’t count for much in a society that can’t keep its secrets

As the amount of information held on all us grows, Sebastian Oake asks how worried should we be about our personal lives going viral.

The accidental leaking of supposedly private and personal information has almost become so regular as to set your clock by it.

This week, it was the turn of the Student Loans Company which mistakenly sent out the details of more than 8,000 students as part of a mass email. It blamed an administrative error, which was the same excuse given by Scotland Yard last month when it shared the email addresses of more than 1,000 victims of crime in a similar computer blunder.

Sign up to our daily newsletter

The i newsletter cut through the noise

Meanwhile over in India, questions have once again been raised about security amid allegations call centres are selling on confidential personal data, including credit card details and medical records, of more than 500,000 Britons. Finally, we shouldn’t forget the car insurance companies which last year were found to have been passing on details of those involved in crashes to ambulance chasing law firms.

Once, it would have required military precision and an Herculean effort to transfer the personal data held on each and every one of us into the wrong hands, but online databases have made the leaking of information just as easy as storing it.

“The information sent out in error by the Student Loans Company may not have contained bank details, but that doesn’t mean it isn’t useful to people,” says Nick Pickles, director of the privacy and civil liberties group Big Brother Watch. “If you were to go to a credit reference agency and say I have the email addresses of 8,000 in receipt of student finance, would you find it interesting, of course they would.”

Even if you put aside criminal activity and the occasional accidental slip up, the amount of information about each and everyone of us which can be accessed easily and legally is mounting fast.

While the information held by Council Tax departments, HM Revenue and Customs and the police should be watertight there are also other “official” lists that are available for anyone to view or buy, ranging from the good old phone book and its internet spin-offs to the Electoral Register, which lists your full name and where you live and reveals who you live with.

Away from official data, there is also a mountain of consumer behaviour information on you too. Every time you buy something online, enter a competition, join an organisation or fill in a questionnaire about your shopping choices, you are giving away things about yourself.

The Data Protection Act is there to prevent details being misused. Companies that ask you for information are only allowed to do it for “specified and lawful purposes” and also keep it “no longer than necessary”.

But unless you’ve ticked those tiny opt-out boxes, the company will bombard you with stuff about its products or services and pass your details on to “other carefully selected companies”. Even if you do tick the boxes, can you be sure the company takes any notice?

But let’s not assume that companies with something to sell are always unscrupulous. After all, they have to identify potential customers – they can’t just sit back and hope we will go to them. One of the tools they use is a database called Mosaic. This is a breakdown of Britain in marketing speak. It predicts what sort of people live in what sort of places, what sort of things they buy and how they live their lives. It is sold to businesses to help them “target, acquire, manage and develop profitable relationships”. It is also used by charities and political parties to help them find people likely to be sympathetic to their cause.

Mosaic can look at a particular postal sector and predict who lives there. I tried it out. I put in my own postcode, which covers part of the Yorkshire Dales. This is what I found out about myself. I am likely to be a Type C15 person with the tag “Upland Struggle” and “working hard in agriculture or tourism”. I am traditional, self-reliant and industrious. Many of my C15 cousins apparently live in the South West, Scotland and especially Wales, which is perhaps why the system has given us reference names of Dafydd and Sian. Within my area, there are higher than normal numbers of people in social class E, in other words casual or so-called lowest grade workers, unemployed people on benefits and those on state pensions.

There is more. I’m more likely to volunteer time for a good cause or give generous amounts to charity than normal, likely to take fewer holidays than normal, less likely to own a hybrid-electric car, more likely to believe children should eat what they are given, and more likely to be interested in reference books. I’m beginning to understand why “Sian” and I get calls from charities. In the old days, of course, we’d have been sitting ducks for encyclopaedia salesmen.

“We believe privacy forms part of the bedrock of fundamental freedoms,” says Emma Draper, of Privacy International, an organisation that defends the right to be private.

“Even if information held on us is not inherently embarrassing or harmful, we may still feel a sense of violation if it is handed over to a third party without our consent. 

“The ability to control who has access to what information about us affects our ability to create different kinds of relationships with different people. Everyone reveals or conceals certain aspects of themselves to present themselves in a way that is appropriate. It’s normal behaviour. For example, you wouldn’t necessarily want details of your sex life to be well known, just as you wouldn’t want everyone to know about your personal wealth. If you choose to reveal this information to certain people, that’s fine.”

Things got interesting recently when Google changed its privacy policy. Effectively it meant that data gathered from across its email, video and social-networking sites could be linked for the first time.

The change was accompanied by headlines which read: “Google will soon know more about you than your partner.”

Frightening stuff, but according to Big Brother Watch, which has written to the UK’s data regular, the Information Commissioner, asking for an investigation into the implications of the change, only 12 per cent of Google users have bothered to even read the new privacy policy.

“Companies should not be allowed to bury in legal jargon and vague statements how they may monitor what we do online, where we use our phones and even listen to what we say in calls,” adds Nick. “This change isn’t about Google collecting more data, it’s about letting the company combine what’s in your emails with the videos you watch and the things you search for and ultimately increase their profits.

“If people don’t understand what is happening to their personal information, how can they make an informed choice about using a service? Google is putting advertisers’ interests before user privacy and should not be rushing ahead before the public understand what the changes will mean.”

If you feel disturbed about your life being public property, remember that two can play at this game. Every one of us can check out addresses on the Electoral Register, find out how much our new next door neighbour’s paid for their house by signing up to the Land Registry and thanks to Google Earth we can become virtual curtain twitchers in streets hundreds of miles away.

All this without even looking at Facebook or Twitter, but do we only have ourselves to blame for this growing pile of information? “Social networking sites have changed things, not necessarily for the better,” says Emma. “There is an expectation that we should share things that once we wouldn’t have. People feel they’ve a right to know things about you.”


A new report by Big Brother Watch has highlighted the scale of lost or compromised personal data held by local authorities.

The group uncovered more than 1,000 incidents across 132 councils, including 35 which had lost information about children or those in care.

At least 244 laptops and portable computers were lost, along with 98 memory sticks and 93 mobile devices.

Yet of the 1,035 incidents, only 55 were reported to the Information Commissioner’s Office.

In another report, the organisation says that between July 2008 and July 2011 there were at least 806 incidents where patient medical records were compromised, including 23 incidents where patient information was posted on social networking sites.