I’ve been publishing on the subject of personal privacy since 2007, and finally, now, in 2015 I decided to take my CIPP/E. The CIPP credential says you know privacy laws and regulations and how to apply them according to the International Association of Privacy Professionals (IAPP).
Why did I take this certification? After all I have a Masters Degree in Information Security in supposedly the most famous (in this subject) globally, with the Royal Holloway University of London (RHUL). I also have an MBA with Henley Management School (University of Reading). On top of 20 years of rich experience in IT and IS, it looks as though I am in the league of ‘over-qualified’ and then ‘what next?’. Or am I?
No! I am driven by a desire to ‘fix the Swedish ID promiscuity problem’. (There is more on this in my blog, lots of posts.) I took CIPP/E to get a toolkit that I could use to stop, my and your Swedish ID, being publicly sold online without my or your consent! So now I finally understand what the problem is, and I believe I can solve this, to finally squash this conflict between ‘freedom of information’ laws and ‘PuL’. Watch this space…..
This makes you vulnerable to identity theft. Swedish residents have no legal right to protect their personal identifying information (PII) which includes the first 6 digits of the 10 digits (AAMMDD-xxxx) of Swedish IDs. Except is if you have a protected identity. Following is the response I received from one of the credit reporting agencies that I contacted.
“We are a credit reporting agency with permission from the Data Inspectorate (Datainspektionen). The data in our database are and should be a reflection of public databases retrieved from authorities such as tax authorities (Skattemyndigheten), payment remarks and debt collecting agencies (Kronofogdemyndigheten), and the bureau of statistics (SCB). Public data means that anyone can contact the respective government authority and get the same information there. We are by the Credit Information Act (Kreditupplysningslagen) required to make changes in our database to correct faults, but you have no right to be omitted from the register. All residents in Sweden who are over the age of 16 are included.
Protected Identity is the only way to hide the address and other personal information with the authorities, and thus also with us, and it may be issued through the tax or police authorities. Once an identity has been protected the data is hidden automatically in our system.”
This was in response to the following request I made.
I would like to kindly request that you do NOT share my personal information with third parties that make money from my personal identifying information, an example is ‘birthday.se”. Due to the sharing of my PII the first 6 digits of my Swedish ID is public, consequences are that it makes me vulnerable to identity fraud.
Can you please confirm that this is done. If not would be be kind enough to give me enough information to understand why not?
Hopping mad you should be if you are a Swedish resident, after taking a visit here http://www.ratsit.se, and search for your name. This is against the Data Protection directive, of which Personuppgiftslagen (PUL) is the legal enactment of. I am so bored of asking to have my name removed, only for it to pop up again later, and now I see that it is impossible to remove your personal identifying information (PII) (http://www.ratsit.se/Content/FaqSearch.aspx)… it is PUBLIC for all to see forever! What a smorgasbord for identity thieves!
I can see how old you are, where you live and the first 6 digits of 10 digits from your Swedish ID!
It seems to be that the Kreditupplysningslagen (KuL) has priority over PuL. In PuL you have a right to personal privacy. You should be informed who has had access, or even viewed your personal information. Now KuL does inform you when a request is made for your creditworthiness, but it doesn’t tell you about who has viewed your Personal Identifying Information (PII) through http://www.ratsit.se who they share your PII with, for example. Your PII includes your date of birth, where you live, etc…
I am going to make an official compliant to the Datainspektion. If you are interested to add yourself to a petition to support me in this, please Like this Post here on the blog direct, or on LinkedIn or FB status update, wherever you happen to pick this up.