Engineers warn of government and corporate database risks

The Royal Academy of Engineering has called on the government to manage the risks posed by huge public databases and tracking technologies and for stricter guidelines covering companies’ use of personal information.

Share




The Royal Academy of Engineering has called on the government to manage the risks posed by huge public databases and tracking technologies and for stricter guidelines covering companies’ use of personal information.

A report published by the academy warns that government moves towards providing more services electronically, and the compilation of massive data sources such as the National Identity Register, carry major risks.

Complex databases and IT networks can suffer from mechanical failure or software bugs, while human error can lead to personal data being lost or stolen, the report says. It calls for the government to take action to prepare for such failures, using engineering expertise in managing the risks posed by surveillance and data management technologies.

Professor Nigel Gilbert, who chaired the academy working group that produced the report, said: "Technologies for collecting, storing, transmitting and processing data are developing rapidly with many potential benefits, from making paying bills more convenient to providing better healthcare.

“However, these techniques could make a significant impact on our privacy. Their development must be monitored and managed so that the effects are properly understood and controlled."

He added: “Engineers' knowledge and experience can help to 'design in privacy' into new IT developments. But first, the government and corporations must recognise that they put at risk the trust of citizens and customers if they do not treat privacy issues seriously."

The report calls for stricter rules covering for companies’ use of personal data. Firms should be required to store data securely, to notify customers if data is lost or stolen, and to explain what the data is used for.

For many electronic transactions, assurances about a customer’s age or ability to pay ,ay be needed, but confirmation of identity is not, the report says. Authorisation, not identification should be all that is required.

Professor Gilbert said: "It should be possible to sign up for a loyalty card without having to register it to a particular individual - consumers should be able to decide what information is collected about them.

"We have supermarkets collecting data on our shopping habits and also offering life insurance services. What will they be able to do in 20 years' time, knowing how many donuts we have bought?"

The report also examines surveillance and tracking technologies such as CCTV and radio frequency ID (RFID) tags.


Find your next job with computerworld UK jobs