In our ever-growing surveillance society, the average Briton is being recorded 3,000 times a week.
Richard Gray reports.
17 Aug 2008
In many cases information is kept by companies such as banks and shops, but in certain circumstances they can be asked to hand it over to a range of legal authorities
With every telephone call, swipe of a card and click of a mouse, information is being recorded, compiled and stored about Britain’s citizens.
An investigation by The Sunday Telegraph has now uncovered just how much personal data is being collected about individuals by the Government, law enforcement agencies and private companies each day.
In one week, the average person living in Britain has 3,254 pieces of personal information stored about him or her, most of which is kept in databases for years and in some cases indefinitely.
The data include details about shopping habits, mobile phone use, emails, locations during the day, journeys and internet searches.
In many cases this information is kept by companies such as banks and shops, but in certain circumstances they can be asked to hand it over to a range of legal authorities.
Britain’s information watchdog, the Information Commissioner’s Office, has called for tighter regulation of the amount of data held about citizens and urged the public to restrict the information they allow organisations to hold on them.
This newspaper’s findings come days after the Government published plans to grant local authorities and other public bodies access to the email and internet records of millions. Phone companies already retain data about their customers and give it to 650 public bodies on request.
The loss of data by Government departments, including an incident where HM Revenue and Customs mislaid computer disks containing the personal details of 25 million people, has heightened concerns about the amount of information being stored.
David Smith, deputy information commissioner, said: “As more and more information is collected and kept on all of us, we are very concerned that appropriate safeguards go along with that.
“People should know what is happening with their information and have a choice.
“Our concern is that what is kept with the justification of preventing and detecting terrorism, can then be used for minor purposes such as pursuing people for parking fines.”
Earlier this year the Commons home affairs select committee recommended new controls and regulations on the accumulation of information by the state.
Every day the average person makes three mobile phone calls and sends at least two text messages.
Each time the network provider logs information about who was called as well as the caller’s location and direction of travel, worked out by triangulation from phone masts.
Customers can also have their locations tracked even when they are not using their phones, as the devices send out unique identifying signals at regular intervals.
All of this information can be accessed by police and other public authorities investigating crimes.
Internet service providers (ISPs) compile information about their customers when they go online, including name, address, the unique identification number for the connection, known as an IP address, any browser used and location.
They also keep details of emails, such as whom they were sent to, together with the date and time they were sent. An average of 50 websites are visited and 32 emails sent per person in Britain every day.
Privacy campaigners have expressed concern that the country’s three biggest ISPs – BT, Virgin Media and TalkTalk – now provide this data to a digital advertising company called Phorm so that it can analyse web surfing habits.
ISPs are already voluntarily providing information they hold about their customers if requested by law enforcement agencies and public authorities. A consultation published last week by the Government would make it a legal requirement for ISPs to provide a customer’s personal information when requested. A total of 520,000 requests were made by public officials for telephone and internet details last year, an increase from around 350,000 the previous year.
Internet search engines also compile data about their users, including the IP address and what was searched for. Google receives around 68 searches from the average person each day and stores this data for 18 months.
Dr Ian Brown, a research fellow on privacy at Oxford University, said: “Companies such as Google and internet service providers are building up huge databases of data about internet users.
“These companies may be compelled, through a legal action, to hand over this information to third parties or the Government, or the companies may lose the data and it can then be misused.”
Store “loyalty” cards also retain large amounts of information about individuals who have signed up to use them. They link a person’s personal details to the outlets used, the transaction times and how much is spent.
In the case of Nectar cards, which are used by more than 10 million people in Britain once a week, information from dozens of shops is compiled, giving a detailed picture of a cardholder’s shopping habits.
A spokesman for Loyalty Management UK, which runs the Nectar programme, insisted that information about the items bought was not compiled, but some partners in the scheme, such as Sainsbury’s, use their till records to compile that information.
She admitted that the personal information that is compiled under the Nectar scheme is kept indefinitely until individuals close their account and ask for their information to be destroyed. In criminal inquiries, police can request the details held by Nectar.
Banks can also be required to hand over personal account information to the authorities if requested as part of an investigation.
They also provide personal data to credit reference agencies, debt collectors and fraud prevention organisations.
Debit and credit card transactions can give information about where and on what people are spending their money.
The biggest source of surveillance in Britain is through the network of CCTV (closed-circuit television) cameras. On average, an individual will appear on 300 CCTV cameras during a day and those tapes are kept by many organisations for indefinite lengths of time.
On the London Underground network, Transport for London (TfL) keeps footage for a minimum of 14 days. TfL operates more than 8,500 CCTV cameras in its underground stations, 1,550 cameras on tube trains and up to 60,000 cameras on buses.
Network Rail refused to say how many CCTV cameras it operates or for how long the footage is kept.
Britain now has more CCTV cameras in public spaces than any other country in the world. A study in 2002 estimated that there were around 4.2 million cameras, but that number is likely to now be far higher.
Number plate recognition
The latest development in CCTV is the increased use of automatic number plate recognition systems, which read number-plates and search databases for signs that a vehicle has been used in crime.
A national automatic number plate recognition system is maintained by the Association of Chief Police Officers along motorways and main roads. Every number plate picked up by the system is stored in a database with date, time and location for two years.
Travel passes such as the Oyster Card used in London and the Key card, in Oxford, can also reveal remarkable amounts of information about an individual. When they are registered to a person’s name, they record journey history, dates, times and fares.
A spokesman for TfL, which runs the Oyster Card system, insisted that access to this information was restricted to its customer services agents.
Police, however, can also obtain this information and have used Oyster Card journey records as evidence in criminal cases.
Employers are increasingly using radio-tagged security passes for employees, providing them with information about when staff enter and leave the office.