09 January 2008

Clarkson's Bank Account

Jeremy Clarkson admits he was wrong to claim that leaked bank account numbers are a problem, after £500 is withdrawn from his account.

The thing is he was actually correct. Someone claiming to be him gave his details to the charity Diabetes UK, setting up a direct debit. Anyone can do that to anyone, if, for instance, they've ever seen one of their vicitm's cheques. Under the rules, the bank will refund his £500 as soon as he tells them he didn't authorise it. Banks are fussy about who they will allow to receive direct debits - it would be very difficult to carry out an actual theft, as opposed to a prank like this, using this method.

Obviously this sort of prank will be a nuisance to the victim, but it's of the same order as signing someone up for hundreds of catalogues.

Clarkson now says of the case: "Contrary to what I said at the time, we must go after the idiots who lost the discs and stick cocktail sticks in their eyes until they beg for mercy."

Again, this is to misunderstand the problem. As I said before, the issue is not idiocy, it is the inevitability that data collected this way will leak. Clarkson's original error was not in claiming that the actual content of the lost data in this case was not damaging, but in not understanding that the next major leak (or perhaps a previous one, because the fact that the leak became public knowledge is much more surprising than that it happened), may be of more sensitive data - health records from the new health database, say, or actual financial data from HMRC, or lists of vulnerable children from the new database of every child in the UK. The conclusion we should draw does not involve cocktail sticks, it is that the government shouldn't collect information it doesn't absolutely need.