Careless talk costs lives

We can make our lives sublime
And, departing, leave behind us
Footprints on the sands of time

We all know what we mean by our ‘carbon footprint’. Goodness knows we’ve been talking about it long enough, and businesses are spending masses of time, and bags of cash, in trying to minimise theirs.

We’re also starting to understand what people mean by our digital footprint too. And it’s not good.

As the parent of teenagers, I’ve spent much of the past few years reinforcing the messages they are, thankfully,  hearing at school about the internet and their safety when using it. About how once something is ‘out there’, it’s there for good. No amount of pressing the delete button can ever completely erase something once it’s gone viral, or even just been opened and viewed. That, incidentally, is something I learned during an eye-opening stint of jury service.

This is especially relevant now that social media has grown to the monster it now is. Ain’t no getting that genie back in the bottle. I’m thankful that I am old enough to have committed most of my embarrassing moments pre-smartphone, and pre-Facebook. Especially…, well, if you know, you know.

These days, as I tell my children often, stupid stuff that in my day was just that, can turn into job-harming, reputation-mangling serious issues.

So, we need to be careful about the information that we put out there into the wider world. But what happens if we have to pass on that information? When we start a job, we have to hand over our names and addresses, and banking details else how will we get paid? The council needs to know who we are and where we live so that they can charge us council tax, and ensure our bins are emptied. The school, the dentist, the doctor, the DVLA, and any number of other government agencies need to know who we are, where we live, when we were born, how many children we have…

All that information gets stored somewhere, and no matter how many password-protected layers are put on that data, there is always someone who will be able to access that information because they need to.

Back in the day, customers’ details were kept on paper, in filing cabinets, often locked, with the key held by someone important enough or scary enough to be given custody of it. If you wanted to know something about a customer or supplier, you went to the filing cabinet and you looked it up. This wasn’t that long ago, either. However, as technology has developed, we now talk about CRM, about managing our customer relationships via the data we hold on them. All of us are someone’s customer, and our data – that we have given of our own free will – is being handled, used and stored in systems. Its safety is dependent upon, ultimately, not the complexities of a security algorithm, but a human being who has access to it. Computers and computer security systems as they currently stand – leaving out the AI thing which is a whole other scary world to get our heads around – are only as intelligent as the human who programmed them, and as secure as that human made them.

There’s no problem with that, so long as the data remains where it is meant to be, and is used solely for the purposes for which we handed it over. But as the news this week shows, too often our data is too easily accessible, either to people who know how to crack the systems, or because someone cocked-up. The Northern Ireland Police service breach, for example, may have been human error, but my God what an error. Anyone who grew up through the Troubles in the 1970s, 80s and 90s knows that it’s not unreasonable to fear that lives could be at risk if those details end up in the wrong hands. Norfolk and Suffolk police have since ‘fessed up that victims’ details were accidentally released, and it appears the names and addresses of 40 million registered voters were accessible after a cyber-attack on the Electoral Commission.

The problem is that we don’t know what people will do if they get hold of our details. They might do nothing, they might sell it on to scammers, they might use it to steal our identities. Does it matter if my Tesco Clubcard gets hacked and criminals find out I buy apples, crisps, cat food and wine on a weekly basis? Probably not. My address, birth-date, name and account details though, that’s far more worrying.

At the BMF Conference in June, cyber expert James Freedman opened his session with the promise that he wouldn’t be stealing anything out of delegates’ pockets, but that he could steal from them nonetheless. Identity, passwords, memorable information: all the things we share all the time as we go about getting our lives lived. We should all be taking our data security far more seriously than we do.