The return of the ID card debate

The UK Government’s embarrassing loss of 25 million citizens’ personal details has reignited the ID card debate


By Pete Swabey

ID cards data protection

It was the most highly publicised data breach of all time. And when details of the loss by HM Revenue and Customs (HMRC) of 25 million UK citizens’ personal data emerged in November 2007, it was not long before the nation’s attention turned to the Government’s controversial proposals for a national identity card.

Up to 25 million Britons now face worries that their bank details could fall into criminal hands, after two HMRC disks containing their details were lost in the post. So does data loss on that scale demonstrate that the state should not attempt to store large volumes of personal data? Or does it actually demonstrate that citizens need the security that a biometric ID card would bring?

Under the current ID card proposals, the UK Government would store an unprecedented volume of sensitive personal information — and given its reputation on protecting data, those plans need rethinking, insists George Osborne, the shadow Chancellor. The child benefit scandal should be the “final blow” for the national ID card scheme, he says: “They simply cannot be trusted with people’s personal details.”

Conversely, Government officials believe that the mistakes that led to the HMRC’s data breach underscore the need for a national ID system. Home Secretary Jacqui Smith argues that the identity system will make ID fraud harder by enforcing dual authentication of biographic details — similar to those lost by HMRC — with biometric data. The biographic and biometric data will be stored in separate databases. “It is an increased protection even against times when people’s biographic details are actually stolen or lost,” argues Smith.

Many business leaders will recognise the ‘chicken and egg’ dilemma facing the Government. It insists the ID card is central to plans for offering better public services, yet there may be reluctance to hand over additional information when its track record on data protection is seemingly so lamentable.