By Mark Ward

Technology correspondent, BBC News



Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing. The scandal of the 25 million missing records has highlighted the vulnerability of data.

It is easy to develop a sense of creeping paranoia when you begin to contemplate just how many companies, government departments and other organisations know your personal data.

MISSING DATA INCLUDES National insurance number Name, address and birth date Partner's details Names, sex and age of children Bank/savings account details

Enlarge Image





"The average economically active individual in the developed world is on about 700 databases," said Niamh Gallagher, a researcher at think tank Demos who has spent six months researching the spread of personal data.

She said it would be naive to think that an encounter with one organisation means one isolated database is queried. Typically data is gathered from many sources before a decision is reached.

For instance the USVISIT border system, which is consulted when Britons cross from the UK to the US, mines about 30 separate databases as it checks identities.

Ms Gallagher and colleague Peter Bradwell will release their report in early December.

"Pretty much every organisation you engage with day-to-day - from clicking your Oyster card to ordering your take away - means sharing personal information."

That sharing of data, she said, has become entwined with modern life and it was a mistake to think that sharing information so often only has a downside.

You are not going to get people complying with data protection on the basis of good will

Niamh Gallagher, Demos

Anyone that tries to stop their personal data leaking away often find they are denied benefits enjoyed by those that are happier to share.

For instance, paying cash for everything will keep your name off credit checking databases. However, without the re-assurance of that check banks and credit card companies may refuse to issue a loan or mortgage.

Data control

And there are a lot of people within companies, government and other organisations that are allowed to use data that can be used to identify you.

According to the 2006/7 annual report from the Information Commissioner there are more than 287,000 data controllers in the UK who have a responsibility for making sure that personal data is used correctly.

Personal data in this sense is information that can be used to identify an individual.

Many of those data controllers will oversee many more who actually do the job of maintaining and expanding the databases holding the data.

And it does not stop there. The web is helping that data take wing and travel farther than ever before.

Government departments are increasingly sharing data

What few people realise, said Ms Gallagher, was that handing over data to one organisation can mean that it reaches many others and becomes an entry on the database they maintain.

"There is no awareness of what happens to that data when you give it away," said Ms Gallagher.

"It is not so much the organisations with which you willingly share data," she said, "it is where it goes after that."

Many organisations that collect data, such as credit checking agencies, were under commercial pressure to widen the scope of what they collect, said Ms Gallagher.

No longer are firms just interested in the basic facts about you - now what matters as much as what type of credit card you own is when you go shopping, which stores you visit and what you buy.

That pattern holds as much information as the raw facts about you - it helps companies decide which socio-economic bracket to put you and how to go about tailoring marketing to fit you and your lifestyle.

Watching them

Surveillance and the collection of data about people has become so pervasive that it has spawned a dedicated research organisation - the Surveillance Studies Network.

Dr Kirstie Ball, a senior lecturer at the Open University, said that although many social scientists been studied the subject for years the pervasiveness of that scrutiny was prompting an upsurge of interest.

"That personal data held by every organisation you interact with runs the parameters of your existence, your consumption, your entitlements," she said.

Almost every time you fill in a form the data makes it to a database

"We're all interested in the collection and application of personal data and its consequences for individual rights and social science concepts such as trust and discrimination," said Dr Ball.

"It merits study and understanding because its consequences can be tangible," she said.

For instance, she said, an employee ticking the wrong box when they enter your data into a database could mean a person ends up labelled as a former criminal or credit liability.

It is possible to ask to see the data that companies and organisations hold about you, but a very small number of people take up this opportunity to vet what is known about them. Making sure all of it is accurate would be a mammoth task.

For Ms Gallagher at Demos beefing up the power of the Information Commissioner to enforce the Data Protection Act would help redress some of the imbalance between the data companies hold about us.

"Organisations and companies should be responding to the way we live," she said.

Only by using those powers will the creeping spread of that data be held stemmed.

"You are not going to get people complying with data protection on the basis of good will," she said. "Data is just too valuable."

Her Majesty's Revenue and Customs has set up a Child Benefit Helpline on 0845 302 1444 for customers who want more details.