Privacy and public trust Dr Ian Brown Oxford Internet Institute University of Oxford
Privacy and public trust
Dr Ian Brown
Oxford Internet Institute
University of Oxford
Revenue & Customs lose 25m records
Two discs containing names, addresses, DoB, NI no. and bank details of 25m people lost in the post
Chairman of HMRC immediately resigned
Impact of HMRC data breach
Alongside Northern Rock and misreported immigration figures, HMRC data loss had a dramatic impact on public trust
Source: IPSOS Mori Delivery Index. 946 British adults interviewed by telephone 23-26 Nov 2007
Significant political impact
15%
20%
25%
30%
35%
40%
45%
Jul-07
Aug-07
Sep-07
Oct-07
Nov-07
Dec-07
Jan-08
Feb-08
Mar-08
Approve govt record
Vote for tomorrow
Data: YouGov tracker poll for Daily Telegraph, 28/3/2008
Top 5 breaches since 2000
0
10
20
30
40
50
People affected (m)
HMRC DVA AOL CardSystems TJX
Data: attrition.org
Impact of breach on TJX
$5m after-tax charge against Q4 2006 $12m after-tax charge against Q1 2007
(investigating and containing the intrusion, beefing up computer security, communicating with customers, and various legal and other fees)
$118m after-tax charge against Q2 2008 ($11m in security consultancy fees and other expenses directly related to the attack and a contingency fund of $107m to cover liability payments arising from pending lawsuits)
Non-cash charges $21m expected FY 2009
Costs for business
Survey of 21 UK businesses spanning eight different industry sectors
Average cost of breach: £1.4m or £47 per compromised record
Abnormal customer churn rate of 2.5% after breach
38% saw breaches by outsourcers, consultants and partners, at a significantly higher cost
Source: Ponemon Institute 2007 Annual Study: UK Cost of Data Breach
EU data privacy concerns
Source: Eurobarometer #225 Data Protection in
the EU, Feb. 2008 p.8
Users’ privacy concerns
Comfortable to supply… Privacy concerns about…
B. Dutton, E. Helsper & M. Gerber (2009) Oxford Internet Survey
Surveillance and security
Source: Eurobarometer #225 Data Protection in the EU, Feb. 2008 p.48
Sharing medical data
Source: The Use of Personal Health Information in Medical Research, Medical Research Council, June 2007 pp.54-55
Conclusions
Data breaches in public and private sectors have had a significant impact on public trust
Concern over data protection is significant, enduring and extends beyond simple competence - public unhappy about extensive sharing even for purposes such as counter-terrorism and medical research