Identity theft

What is a Personal Identity?

A personal identity is details and data which make a person who they are and different from everyone else the details can range from date of birth to the bank they are with.

How could it be lost?

1.            Legal methods - data harvesting

Data harvesting using legal methods is when you give someone your data and therefore they can create a database about you, however they may not make it obvious that you are legally giving your data to them so that they can collect your data this could be by ticking a small box when reading the terms and conditions but it is already ticked. The database they create is usually used to pinpoint your interests and what you like to send you advertisements based on what you might actually be tempted to buy.

2.            Giving it away - users careless - social media etc.

People give away their data when putting it onto social media; so much data can be harvested from one person’s Facebook page- their birthday, relationship status, parents’ names etc.

3.            Illegal methods - hacking & viruses etc.

Some thieves hack your computer to get your data to sell to advertising companies or to steal money from your bank accounts- to stop this you should use passwords and firewalls.

Consequences of ID Loss

Consequences of ID loss are things such as being impersonated by others who can then get your money from the bank or change details.

Information Commissioners Office:

The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. (from the web page ico.org.uk)

Data Protection Act - UK & Europe

The data protection act was first installed in the UK and Europe to keep personal data covered and not let it be stolen as easily.

 8 Data Protection Principles

  1. The 8 data protection principles are: Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –
    (a) at least one of the conditions in Schedule 2 is met, and

    (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

2.      Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

3.      Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

4.      Personal data shall be accurate and, where necessary, kept up to date.

5.      Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

6.      Personal data shall be processed in accordance with the rights of data subjects under this Act.

7.      Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

8.      Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

(Taken from the web page ico.org.uk)

2.            Rights of the Data Subject

The data subjects state that the subject has:

A right of access to a copy of the information comprised in their personal data;

A right to object to processing that is likely to cause or is causing damage or distress;

A right to prevent processing for direct marketing;

A right to object to decisions being taken by automated means;

A right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed; and

A right to claim compensation for damages caused by a breach of the act.



Responsibilities of the Data User

The responsibilities are quite simple and easy to do so that people can’t get hold of your details. The first step is to not give away details to anyone and anything that asks for them. Also it would be helpful to install a firewall to stop data being taken by viruses.


1. Data is something which is collected to be useful as part of a filing system to help with the task at hand so for example a bank needing details when making a payment.

2.            Data Subject is the person who is the subject of the data being used.

3.            Data User the person who selects the data and decides how it is processed (the person who uses it).

4.            Data Manager is the person who is legally allowed to collect the data.

Privacy & Electronic Communication Regulations

They give extra privacy and protection whilst sitting alongside the data protection act and their main rules are to protect marketing calls, emails, faxes and texts.

Responsibilities & Obligations

The responsibilities and obligations of the user are that they must keep track of where their data is and who they gave it to as well as not giving it out to various places that don’t need it.


1.            Person is an individual receiving the call from the telephone company.

2.            Caller is the person making the phone call.

3.            Subscriber is the person paying for the telephone line.

Solicited & Un-solicited Marketing

Solicited marketing is specifically asking for something so that you do not have to worry about PECR regulations however you do have to give a name and contact details. An unsolicited message is when it is not requested specifically and therefore even if someone has ‘opted in’ selling something to them would still be unsolicited.

Opt in and opt out clauses:

When you are on a website or signing up to something there is an opt in or opt out tick box which you can select if you wish to but you have to have the option.

Complying with the regulations

Basically it means in brief that if a website has any rules then you have to follow them.


Data Protection Presentation