What makes you ‘YOU’?

WHAT makes a person’s identity?

What makes your identity?

Have a think about how you would answer that for a moment.

Generally, we think of our identity in the context of qualities and attributes that make us unique, and which are very much connected to what it is to be human.

The Oxford Dictionary defines identity as ‘the characteristics, feelings or beliefs that make people different from others’.

The things that may come to your mind when answering that question probably include personality traits, likes, dislikes, beliefs, values, relationships, sense of belonging, moral and ethical codes.

Hold that thought.

‘People in Guernsey are being warned about a scam email claiming to be from public health bosses’ (BBC, 17 August).

‘Guernsey’s Medical Specialist Group has issued another warning about scam emails being sent out claiming to be from the company… using them as bait to get them to click on a link’ (ITV, 2 August).

‘Woman scammed out of £45,000 by fraudster’ (Guernsey Press, 9 June).

Hearing such warnings is (sadly) commonplace these days. This sort of criminal activity happens largely (but not exclusively) online and reflects a dramatic upward global trend – it is a crime that is on the increase, and it is a crime that pays. Billions of pounds each year are ‘lost’ to what is commonly referred to as ‘identity theft’ – it occurs when criminals access enough personal information about an individual to commit fraud or deception.

There are various techniques ranging from outright theft (stealing a wallet and bank cards) to social engineering (manipulating people to hand over personal information) and the harvesting of data (gathering as much data as possible from whatever source may be available). With this information, the criminal impersonates the victim to access bank accounts or set up new ones, obtain goods, loans, benefits, services, official documents, and lots more.

But talking about identity like this necessarily challenges our understanding of what identity is. It points to something important and something worth taking a moment to reflect upon – that our identity is now not just about our sense of self and our human attributes, it is also inextricably and irreversibly linked to data.

Because almost every aspect of our lives is now collected, generated, recorded, shared and used in data form. Data that shows where we are, who we are messaging, what social media we are using, what websites we are browsing, etc.

In some ways, this vast data trail we leave in our wake is something we may consider as being physically separate from us – existing only on spreadsheets, databases, filing cabinets or in the cloud. But, the personal data about us increasingly is us. Think about our growing reliance upon biometrics (fingerprints, facial recognition) for everything from unlocking your phone to travelling through airports. The lines between ‘spreadsheet’ data and us as human beings is increasingly blurred. But we cannot realistically opt-out of this ‘datafication’ of our lives. Imagine trying to open a bank account, book a holiday, or pay your taxes without data to ‘prove’ who you are. Just imagine if your identifying data (birth certificate, passport, driving licence) were to be taken away. It would make your ability to function, interact and be a part of society very difficult and you may even find yourself entirely excluded because, for all intents and purposes, you do not ‘exist’.

You may have noticed that we regularly publish statistics on breaches that happen in the Bailiwick (www.odpa.gg/information-hub/statistics-reports/). It is a legal requirement for local organisations to report them to us when they reach a certain threshold (www.odpa.gg/information-hub/guidance/handling-data-breaches/list-page-guidance-on-personal-data-breach-reporting/) and we publish figures, observations and learning points every two months.

While it may not be immediately obvious to most people why such an activity has value, we are very clear that it does.

Data breaches are a key enabler of identity theft. By harvesting personal and financial information, criminals are able to commit fraud, damaging people, businesses and services. We are all at risk, but criminals typically target vulnerable people for whom the consequences can be devastating, not just financially but psychologically too.

As highlighted above, data about us is no longer simply a record of things such as our name, address and password on a database somewhere, it is information about our bodies – whether that is a thumb print or iris scan. When a password is compromised, we can change it. We cannot change our fingerprint, iris or face. Once the criminals have that data, it is not hard to imagine the possible consequences.

We want organisations that have your personal data to understand the significant legal and ethical responsibility they have to take care of it. Understanding how and where breaches most commonly occur can help us all get better at preventing them happening in the future.

The digital world offers many wonderful opportunities, but we also need to be honest about the risks. As we discussed last time (Hidden harms and safety nets, 1 August), prevention will always be better than cure.

Harm done as a result of identity theft, or any other data misuse, is often impossible to undo. But we are not just bystanders. We all exist in the digital world and our lives, our identities, are interwoven into data sets that have the power to impact our lives for good and for bad.

Perhaps it is time for the Oxford Dictionary to update its definition of identity to something along the following lines: ‘the characteristics, feelings or beliefs that make people different from others, oh and of course don’t forget all that data too’.

Identity is important for us individually and collectively, but its meaning is changing. That change reflects the increasing digitisation of our lives which in turn means that we urgently need to reframe the conversation. Taking care of our identity means taking care of our data. Taking care of our data means taking care of us.