Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

(ISC)2 survey highlights need for marketers to change data collection practices

London, UK, November 10, 2008 –84 percent of the UK public are revealing highly sensitive personal data online, such as postcode and date of birth, according to the results of a survey announced today of more than 1500 UK residents aged 16 and over. Of the people who reveal their personal data online, 86 percent said they reveal their postcode and 84 percent their date of birth. Over a third (34 percent) also reveal their mother’s maiden name, 29 percent reveal their place of birth and 10 percent give bank account information. Personal information is revealed even though 79 percent of those surveyed are concerned about fraud. conducted the survey for the world’s largest member organisation of information security professionals, (ISC)2.

Fraudsters can gain access to public and private records with personal information such as date of birth or mother’s maiden name. Despite this fact, marketers continue to require people to register these details before they shop online, join a social networking group or receive regular updates/newsletters.

“People are aware of the dangers of providing personal and highly sensitive data online - such as date of birth and mother’s maiden name and bank details - but they still do,” said John Colley, managing director EMEA for (ISC)2 and former information security professional for some of the UK’s largest banks. “This makes it easy for criminals to find and use their personal data for identity theft and fraud.”

“Websites should not be forcing – or even asking – people to submit these personal details about themselves. Consumers that want to shop online or sign up to receive information or join a social network for example, often have no choice if they want to proceed with their transaction. Yet we would never give this information to a shop assistant or someone surveying us in the street. It’s time that marketers changed their data collection practices and stop asking people to reveal sensitive data online,” said Colley.

When giving personal information online, most people (76 percent) try to ensure that the site is secure and will protect their personal information. 76 percent tick the box asking for their details to remain confidential and 14 percent seek third party re-assurance that the site is legitimate. 11 percent research the site’s validity with a relevant industry body.

“Even when a company says it will protect consumer information, there are no guarantees that its own network or Website may not be infiltrated by Cyber-criminals and, in turn, lose data,” said Colley.

Already this year, there have been numerous cases of personal data theft – such as The Home Office’s loss of data on all 84,000 prisoners in England and Wales; the loss of data for more than 25 million child benefit claimants by HM Revenue and Customs and the loss of 370,000 customer records by banking giant HSBC. “Ticking the ‘keep information private’ box is no longer enough. We shouldn’t be asking people to give this information,” said Colley.

These results come weeks after online consumers were warned to make better checks on the amount of personal information being held about them after a survey by the Information Commissioner’s Office said 95 percent of people considered their personal information valuable.

The (ISC)2 survey also highlighted that:

• Most respondents (88 percent) provide personal information online more than once or twice a week and one in ten people reveal their personal details more frequently (9-10 times per week) (11 percent);

• Younger adults (ages 16-24) were less likely than other age groups to reveal highly sensitive data pointing to the increased awareness in this age group of the risks of data misuse online (5 percent do not give any personal information online);

• Older people are less likely to look for re-assurance that a website is legitimate from a third party. 40.2 percent of people ages 16-24 said they got re-assurance from a third party site of a website’s legitimacy before they gave personal information away. This drops to18 percent for the 25-34 age group, 12 percent for the 35-44 age group, 11 percent for the 45-54 age group and continues to a mere 7 percent in the over 55 age group;

• 79 percent of participants are concerned about their personal information online. While 49 percent of respondents were somewhat concerned about whether their personal information was used for fraudulent purposes, 30 percent were definitely concerned and 19 percent were not really concerned. Only 2 percent of respondents were not at all concerned. Women were fractionally more concerned than men (81 percent vs. 77 percent of men).

Tips for keeping personal information safe.

When giving information about yourself online you should:

1. Always check the ‘keep information private box’ to ensure that the company you have provided information to does not pass on your details to third parties;

2. Don’t enter any personal information on a Website that does not have a Web address that starts with ‘https:// and ensure there is a small yellow padlock in the frame of the web browser window;

3. Never give anyone your user ID, PIN or password, even if they appear to be a representative of a trusted firm;

4. Be wary of emails that appear to come from banks, credit card or other trusted companies, asking you to update security information. Banks will never communicate with you in this way;

5. Don’t give out personal information unless you initiated the contact and are sure you know who you’re dealing with. You wouldn’t disclose this information to someone in the street so why do it online;

6. Always type in the Web address of trusted Websites into the browser yourself instead of clicking on the links in emails. This will ensure that you have not been redirected to a hoax site;

7. Avoid using your real name and date of birth online (e.g. on social networking sites);

8. Be cautious of ‘fast friends’ that you meet online and ask you to reveal personal information;

9. Be wary of disclosing personal information on a work or personal Website;

10. Use secure, trusted Websites when shopping online.


About (ISC)²

The International Information Systems Security Certification Consortium, Inc. [(ISC)2®] is the globally recognised Gold Standard for certifying information security professionals. Since 1989 (ISC)² has certified over 60,000 information security professionals in over 130 countries with certifications such as the Certified Information Systems Security Professional (CISSPÒ) and related concentrations, Certified Secure Software Lifecycle Professional (CSSLPCM), and Systems Security Certified Practitioner (SSCPÒ) credentials to those meeting necessary competency requirements. (ISC)² also offers a continuing professional education program, a portfolio of education products and services based upon (ISC)2’s CBK®, a compendium of information security topics, and is committed to promoting information security awareness and best practice among practitioners, businesses and the general public. More information is available at

# # #

Note to editors: For further information about this survey or to speak to John Colley about the findings please contact:

Teresa Horscroft
PR Consultant for (ISC)2 Europe
Tel: + 44 (0)1420 564346
Mobile: +44 07990 520390

This press release was distributed by ResponseSource Press Release Wire on behalf of Eureka Communications in the following categories: Consumer Technology, Personal Finance, Media & Marketing, for more information visit