When government-supported trust systems fail

Hope our U.S. readers had a good Thanksgiving holiday!

The Financial Times published an article this weekend, "Banks want Treasury to pay for ID theft", which points out some events that can play out when government-created trust systems fail to work.

In what is described as "the biggest data security breach in British history", 25 million citizens of the UK had their private data lost in the mail on October 18th, when the British government sent 2 CDs containing sensitive data, including bank account information, via post. Although it's ridiculous to think that such sensitive data would be handled so insecurely, the situation becomes even more ludicrous when one discovers that the HMRC ("the Revenue", Britain's tax agency) rejected, for cost reasons, the National Audit Office's request to remove sensitive info from the CDs before sending. This doesn't pardon the NAO; rather, it also puts fault with the HMRC, suggesting that there is a general disregard for personal data security in government agencies in the UK.

Not unexpectedly, there are consequences for such actions. Even though the government creates and supports the very trust systems that enable banks to operate--credit agencies, identification systems, and so forth--when the government puts these systems at risk as it did in the developing data loss scandal, it ultimately takes the fall. Britain's major banks have sent a letter to Alistair Darling, the Chancellor (cabinet member responsible for economic and financial affairs), demanding recompense for the anticipated losses due to identity theft stemming from the missing CDs.

These events emphasize that simply creating trust systems is not enough. Diligently eliminating weak links in the chain is a necessary and constant requirement for a viable trust system to function.