Saturday 19 January 2008

That Jeremy Clarkson story

I know I’m coming a little late to this story and there’s been a lot of debate about it. In case you’ve not read about this: the UK TV presenter Jeremy Clarkson published his bank details in a newspaper column, in which he claimed the furore about lost personal details from the HRMC was a fuss about nothing. Of course, a kind soul promptly used the details to set up a direct debit payment from Clarkson’s account to a charity.

On reflection, you could argue that in fact the system works – the UK’s direct debit scheme provides safeguards to protect the consumer, and to refund any disputed money. In this kind of situation, no doubt Clarkson is covered financially.

But you could imagine a consumer being less than happy if, say, the money taken out of their account meant they went overdrawn, other payments bounced, and they then had to sort out the unholy mess.

And Clarkson himself says he only discovers the loss when he read his bank statement – how many people do that every month? And would they notice the loss if it was £50 not £500?

For me, it does highlight two important issues: firstly, the context in which personal data is used is important. As many commentators have said, Clarkson only divulged information that we give to anyone whenever we give them a cheque. But, he did so in a highly public way. “Security by obscurity” has long been a facet of protecting data, and shouldn’t be forgotten when risk is being assessed.

The second key point is that it’s much, much easier to not leak data in the first place, than to deal with the consequences even if there is no nominal financial risk. As I mentioned, the UK’s banks guarantee to refund any money that a consumer loses due to a mistake with a direct debit. In practice, I imagine it’s still a difficult process to go through, and can cause much inconvenience. It’s the same with any company’s data – you might theoretically not have any negative consequences of a leak, but managing the process when information goes missing can be time-consuming and costly.

No comments: