British people were told yesterday that the personal data of nearly half the nation has “gone missing”. In the newly merged department of Inland Revenue and Customs, a “junior official” downloaded the personal details, including bank account data and National Insurance numbers, of 25 million people and placed all of it on two unencrypted CDs.

The official then put the CDs in an envelope and posted it. The package wasn’t even registered so couldn’t be tracked or traced. It’s now officially “lost in the post”.

Alternatively, it may have been stolen to order by organized crime. We have been told, the official is now under guard in a “safe house” to protect him or her against the media, and presumably criminals seeking “to make him an offer he can’t refuse”.

This morning there’s huge panic all over the UK as people wake to find their bank accounts and personal identities compromised in the most dangerous way possible.

Once again we see the perils of allowing a central administration to accumulate vast quantities of information through a system of universal benefits more in tune with the Soviet era than the distributed nature of data in the age of the internet.

What can you do to protect yourself against the kind of scam everyone in the UK is now worried about?

1. Check your bank and credit card statements for the next 5 to 10 years. Criminals can lie low and strike when banks get sloppy again.

2. Change your online banking password, especially if you use family data as a memorable word.

3. Look at your credit report. The information in the Child Benefit Agency records is enough for a criminal to apply for loans, credit cards and even mortgages in your name, as well as other forms of credit such as mobile telephone and catalogue accounts. Your credit report lists all your credit commitments and recent applications for credit, so you can instantly see if someone has been trying to use your ID.

Apart from that, you are at the mercy of Government officials and your bank’s security measures. Ultimately, they must take responsibility for protecting their customer’s data.

Unfortunately, British Government agencies routinely break its own Data Protection Act. The shambles goes on.

If you thought you could make money online without declaring it to the taxman, think again.

Austria, Denmark, Britain, Canada, The Netherlands and Sweden have teamed up for the “Xenon” program, which was started in The Netherlands in 2004 by the Dutch equivalent of the IRS, Belastingdienst.

Wired Digital reports, “Xenon is primarily a spider: a program that downloads a web page, then traverses its links and downloads those as well, ad infinitum. In this manner spiders can create huge datasets of web material, while preserving the relationships between pages at the moment they were spidered — something that can reveal a lot about the people that made the pages.”

The program aims to crack down on suspected internet tax cheats, using a sophisticated web crawling program to monitor transactions on auction sites, and track operators of online shops, poker and porn sites.

Once the web pages are screen-scraped, Xenon’s Identity Information Extraction Module interfaces with national databases containing information like street and city names. It uses that data to automatically identify mailing addresses and other identity information present on the websites it has crawled, which it puts into a database that can be matched in bulk with national tax records.

Canada’s tax authorities declined to state what its Xenon data retention policies are, as did Simon Bird, head of the “Web Robot Team” at the British HM Revenue and Customs office.

In the United States, the IRS is not a part of the Xenon project, but would neither confirm nor deny that it uses spidering software in its investigations.

If you are buying an existing business as a way to avoid the uncertainties of the startup phase, you’ll need to do “due diligence” on it before committing yourself and your investors to the deal. So, what is due diligence?

Essentially it’s the process of going through the books, examining current trading information, details of investment plans, commitments and liabilities. It should give an indication of any flaws in the setup, any skeletons in the cupboard.

For a listed company, it can ensure that shareholders receive the highest price and set off an auction process. It is disruptive to the target company which has no certainty that anything at all will come of the process.

Most companies like to keep closed books so that sensitive information doesn’t fall into the hands of rival firms who may just be fishing for confidential data.

The system isn’t foolproof either, in that investigating lawyers and accountants can run up huge bills without guarantee of accuracy.

Additionally, in the new world order, after Enron, we know that some companies have kept a second, secret set of accounts.

But for buying small-to-medium businesses, it would be unthinkable to go ahead without some form of due diligence, if only by the prospective buyers themselves.

Yahoo has put up a comprehensive page, plus related articles, about the dangers of “phishing” attacks and how to counteract them:

“When it arrives in your inbox, a phishing email will have one aim in mind: to get you to divulge your bank or credit card details. This is usually as part of a so-called security check or review of your account details, where the sender will act as though you’re simply confirming what they already know. You’ll be asked to provide your details in one of two ways: either by including them in a reply to the email or by clicking on a link in the email that takes you to a website that’s been made to look like that of the institution in question. Here you’ll be asked to log in or simply enter your details in a form on the page, at which point your account details are saved and the criminals have all they need to pose as you at the real website of your bank and transfer your money out.”

Read the whole article.