Lord Sheikh asked Her Majesty’s Government what steps they are taking to address the issue of identity theft.
The noble Lord said: My Lords, this is a most timely and important debate, and, in the context of recent events concerning the Government’s inadequacies in the protection of their own information, one that is of crucial importance to a significant number of people. In the limited time available to me I should like to focus on the issue of identity theft and the enormous suffering that is caused to a great many people as a consequence of this hideous crime.
Home Office estimates suggest that identity fraud costs the United Kingdom economy more than £1.7 billion each year. This estimate represents an increase of £400 million over the past three years and is in all likelihood a conservative estimate of the trust cost. I welcome the contribution made to tackling this issue by the All-Party Parliamentary Group on Identity Fraud, and in particular its report published in October last year. The recommendations in that report were sound and deserve proper action. I hope that the Minister will have some positive news to report to the House on what has been done since its publication.
A broad theme in the report was the need to ensure that the police and the law enforcement agencies are provided with the appropriate resources to pursue those who make it their business to enact this most offensive behaviour, in particular by providing the strategic leadership to deliver the priority treatment in tackling this crime. The report made reference to the appointment of an identity fraud tsar and ensuring that sufficient energy and resources are available to identify and punish these fraudsters. Have the Government considered a review of the law and the resources available to law enforcement agencies? Will we see the establishment of dedicated identity fraud officers?
I would now like to talk about “phishing”. Phishing involves frauds when customers receive fraudulent emails purporting to come from banks, credit companies and other organisations. The intention is to trick people into divulging personal information which is used to commit a fraud. Phishing is one of the biggest identify frauds, and the fraudsters are often based overseas. The Metropolitan Police has set up a fraud alert website, but the police need more resources in view of the international dimension. Can more be done in conjunction with overseas countries?
Financial institutions and a number of other organisations often ask the prospective customer to produce a passport, and they have a policy of checking the document and obtaining verification through the government passport verification help line. We are pleased that the Government have set up this help line. However, there is no similar arrangement for checking driving licences or other government documents. Can that be looked into, and will the Minister comment on the possibility of checks being introduced for these documents? In regard to fraudulent passports, I am pleased to note that the Identity and Passport Service has deployed a database of lost and stolen passports and that a passport validation service is now available to public and private sector organisations. However, more can be done to encourage all relevant commercial organisations to utilise this service.
I understand that a national UK cybercrime policing unit is to be established which will enable the public to report cybercrime to a central unit. The unit will train officers and provide workshops for businesses across the country and will be staffed by dedicated officers. The problem is funding, to which the Government are not yet committed. I understand that the start-up costs amount to £1.3 million and that the total cost will be £4.5 million annually. Will the Minister comment on this unit and the provision of funding?
I further understand that the e-crime unit will form part of the emerging national fraud reporting centre which will be run by the national fraud strategic authority. There have been discussions between the Government and ACPO. Perhaps the Minister can clarify the outcome of those discussions.
There needs to be an extensive programme funded by the Government, relevant authorities and financial institutions to undertake the following: first, to make people aware that their credit files are available from credit reference agencies; and, secondly, where to go to report the theft of documents and correspondence and to obtain general advice and information. There must be an active programme to make people aware of precautions that they could take to guard against identity theft, which could include asking people to shred all personal documents, to check their bank statements, to chase the non-receipt of cheque books and cards, to redirect their post and update the electoral roll if they are moving home, and to regularly check their personal credit files. If people are sharing accommodation, they must take extra care over the security of their letters and documents. I am also pleased that national fraud prevention week takes place annually. More organisations could be encouraged to take part in this initiative.
There is also a problem with the impersonation of deceased persons, and I am pleased that there are now provisions to combat this awful practice. Powers are now granted to the General Register Office to supply a deceased person’s details to the police, crime agencies and other bodies for the purpose of prevention, detection, investigation and prosecution of offences. Members of the public should, however, be encouraged and advised to register with services that remove the deceased person’s details.
I would now like to talk about businesses and companies where identity frauds are committed, including offences relating to the directors. These frauds include changing details of the company such as the address, false appointment of directors and fraudulent use of information already held. More can be done to urge companies to file information online, sign up to submitting all papers online and subscribe to an alert system. At present a very limited number of companies are doing this.
Financial services organisations should be encouraged to put identity fraud at the forefront of their considerations, and discussions should take place at board level as a regular agenda item. Institutions need to set up risk assessment committees that constantly examine the situation and recommend and implement the necessary protections. The private sector’s deployment of resources to confront these crimes is of the utmost importance and customers must be told of the dangers and the appropriate action to take.
The problem of identity theft is linked to that of cybercrime, which continues to pose an immediate threat. I welcome my party’s proposals, which include the establishment of a new national cybercrime unit within the police force and a similar department within the Crown Prosecution Service. My party’s suggestions are excellent. Has the Minister any comments on our proposals? Those who use encryption as a mechanism to confront the threat of fraud are to be congratulated. What action are the Government taking to increase the use of encryption to protect personal data?
In conclusion, it is disappointing that the Government have allowed themselves to become so completely focused on the identity card issue that they are not perceived to be as proactive in promoting the prevention of identity theft as I believe they should be. I hope the Minister will reflect on the proposals that I have presented today and on the work of the all-party group that has done much sterling work in this area. I look forward to his response.