84 percent of the UK public are revealing highly sensitive personal data online, such as postcode and date of birth, according to the results of a survey announced today of more than 1500 UK residents aged 16 and over.
Of the people who reveal their personal data online, 86 percent said they reveal their postcode and 84 percent their date of birth. Over a third (34 percent) also reveal their mother's maiden name, 29 percent reveal their place of birth and 10 percent give bank account information. Personal information is revealed even though 79 percent of those surveyed are concerned about fraud. Tickbox.net conducted the survey for the world's largest member organisation of information security professionals, (ISC)2.
Fraudsters can gain access to public and private records with personal information such as date of birth or mother's maiden name. Despite this fact, marketers continue to require people to register these details before they shop online, join a social networking group or receive regular updates/newsletters.
"People are aware of the dangers of providing personal and highly sensitive data online - such as date of birth and mother's maiden name and bank details - but they still do," said John Colley, managing director EMEA for (ISC)2 and former information security professional for some of the UK's largest banks. "This makes it easy for criminals to find and use their personal data for identity theft and fraud."
"Websites should not be forcing - or even asking - people to submit these personal details about themselves. Consumers that want to shop online or sign up to receive information or join a social network for example, often have no choice if they want to proceed with their transaction. Yet we would never give this information to a shop assistant or someone surveying us in the street. It's time that marketers changed their data collection practices and stop asking people to reveal sensitive data online," said Colley.
When giving personal information online, most people (76 percent) try to ensure that the site is secure and will protect their personal information. 76 percent tick the box asking for their details to remain confidential and 14 percent seek third party re-assurance that the site is legitimate. 11 percent research the site's validity with a relevant industry body.
"Even when a company says it will protect consumer information, there are no guarantees that its own network or Website may not be infiltrated by Cyber-criminals and, in turn, lose data," said Colley.
Already this year, there have been numerous cases of personal data theft - such as The Home Office's loss of data on all 84,000 prisoners in England and Wales; the loss of data for more than 25 million child benefit claimants by HM Revenue and Customs and the loss of 370,000 customer records by banking giant HSBC. "Ticking the 'keep information private' box is no longer enough. We shouldn't be asking people to give this information," said Colley.
These results come weeks after online consumers were warned to make better checks on the amount of personal information being held about them after a survey by the Information Commissioner's Office said 95 percent of people considered their personal information valuable.
The (ISC)2 survey also highlighted that:
• Most respondents (88 percent) provide personal information online more than once or twice a week and one in ten people reveal their personal details more frequently (9-10 times per week) (11 percent);
• Younger adults (ages 16-24) were less likely than other age groups to reveal highly sensitive data pointing to the increased awareness in this age group of the risks of data misuse online (5 percent do not give any personal information online);
• Older people are less likely to look for re-assurance that a website is legitimate from a third party. 40.2 percent of people ages 16-24 said they got re-assurance from a third party site of a website's legitimacy before they gave personal information away. This drops to18 percent for the 25-34 age group, 12 percent for the 35-44 age group, 11 percent for the 45-54 age group and continues to a mere 7 percent in the over 55 age group;
• 79 percent of participants are concerned about their personal information online. While 49 percent of respondents were somewhat concerned about whether their personal information was used for fraudulent purposes, 30 percent were definitely concerned and 19 percent were not really concerned. Only 2 percent of respondents were not at all concerned. Women were fractionally more concerned than men (81 percent vs. 77 percent of men).