HMRC Criticised For Storing Voiceprints
When it comes to sensitive data, we’re all aware that this can cover all manner of things nowadays. From our personal details being stored on paper, to photos, videos and voice recordings that are digitally stored.
HMRC has recently come in for considerable criticism for recording and storing the voiceprints of over five million British citizens, without telling them what these are used for or which other government agencies they might be shared with.
Big Brother Watch submitted a Freedom of Information request to find out how many voiceprints had been recorded, describing the practice as “creating biometric ID cards by the bkdoor”.
According to the organisation, which campaigns to protect individual freedoms, callers to the HMRC phone lines are required to repeat the phrase: “My voice is my password” in order to be put through to an operator.
Tax payers are not being given the ability to opt in or opt out and as a result, Big Brother Watch believes the scheme is in contravention of UK data protection laws.
It also noted that HMRC will not say how these voiceprints are being stored and used, whether people can have their voiceprints deleted, or whether the legally-required privacy impact assessment has been carried out.
Director of Big Brother Watch Silkie Carlo commented: “These voice IDs could allow ordinary citizens to be identified by government agencies across other areas of their private lives.”
She added: “HMRC should delete the five million voiceprints they’ve taken in this shady scheme, observe the law and show greater respect for the public.”
The Information Commissioner’s Office (ICO) is now investigating the practice, the organisation stated.
With data like this that is stored digitally, it’s vital to ensure it is properly deleted and irretrievable when it’s no longer required. This is where a media destruction service in the UK can help.
For most businesses, this will relate to the disposal of electronic equipment, like old laptops, PCs, routers, servers and other technology that is being replaced or removed from use. Before this is taken to be physically disposed of, all traces of the data contained within the device need to be wiped.
Earlier this year, the ICO was given new regulatory powers that are designed to ensure it is able to carry out its investigations in a manner that is fit for the digital age. In a blog post for the ICO, James Dipple-Johnstone, deputy commissioner for operations, explained what these powers are and how they will be used.
The aim of the new powers is to to make it easier for the ICO to “see how personal data are actually being used and managed”. They include giving the ICO the ability to issue emergency notices that have to be followed within 24 hours and making it a criminal offence for any organisation to destroy data the ICO wishes to obtain a warrant to remove.
Mr Dipple-Johnstone said that they will allow the organisation to “better tackle the challenges of securing evidence and investigating systems in-situ”. They’re particularly important for fast-moving investigations, he added.