Millions of young people have made themselves vulnerable to identity theft as well as putting their future academic and professional prospects at risk by recklessly posting personal information on the internet, Britain's privacy watchdog warns in a report published today.
The report's findings will add to increasing fears about the unchecked growth of personal information held in Britain and the way it is protected after a security blunder at HM Revenue & Customs in which highly sensitive details belonging to 25 million people were lost in the post. Now, in a far-reaching study of the internet behaviour of young people, the Information Commissioner's Office (ICO) says that 4.5 million web users aged between 14 and 21 could be vulnerable to identity fraud because of the carefree way they give up information on the internet, especially when visiting social networking sites.
A similar number are damaging their future education and employment prospects by leaving an "electronic footprint" which could compromise their chances of winning places at colleges and companies.
David Smith, deputy commissioner for the ICO, said: "Many young people are posting content online without thinking about the electronic footprint they leave behind.
"The cost to a person's future can be very high if something undesirable is found by the increasing number of education institutions and employers using the internet as a tool to vet potential students or employees."
The research also found that a third of young people have never read privacy policies on social networking sites and do not understand how they can manage their personal information. Yet an overwhelming 95 per cent of those questioned said they were worried about websites using their details to target advertising at them or to pass on to other websites or companies.
Some social networking sites have already begun using information from their members to link up with major companies and well-known brands. Facebook is facing a privacy backlash from its members, who have complained about a new advertising strategy that automatically broadcasts what a user has bought on external partner sites to their family and friends. Mr Smith said of the ICO report: "This shows that when young people are made aware that their details could be being passed between parties – legitimate or unscrupulous – they are worried. We have to help teenagers wise up to every aspect of the internet age they're living in – it may be fun but unfortunately it is not the safe space many think it is."
The ICO has already begun an investigation into Facebook after a member of the public complained that he was unable to delete his account. A spokeswoman for the ICO confirmed that it expected to be speaking to Facebook about this issue in the next few weeks.
Search engines, including Google, are also fielding complaints that information associated with searches made under an individual's name brings up expressions of opinion made in their youth but which they now believe is harmful to their careers.
The ICO says its research shows that as many as 4.5 million young people do not want a college, university or potential employer to conduct an internet search on them unless they could first remove content from social networking sites. But nearly two-thirds of those responding to the survey said they had never considered that information they put online now might be permanent and could be accessed years into the future.
One worried 16-year-old girl from Yorkshire told the researchers: "I had a blog a couple of years ago and want to delete it – but I can't, and I had personal details on it." A 16-year-old boy from the North-west said: "Potential employers could 'google' you and it could give embarrassing information etc." And another girl, also from the North-west, said: "It sort of scares me to think that what I've written at my age now (17) may come back to haunt me in later years. I did not know this."
As well as not thinking ahead before posting information on the web, the survey of 2,000 Britons aged between 14 and 21 revealed that their online behaviour was a gift to potential fraudsters. Two-thirds accept people they don't know as "friends" on social networking sites and more than half leave parts of their personal profile public specifically to attract new people. More than seven in 10 are not concerned that their personal profile can be viewed by strangers and 7 per cent do not think that privacy settings are important.
Nearly two-thirds post their date of birth, a quarter post their job title and almost one in 10 give their home address. The ICO warns that when this basic information is combined with details that might be used to create passwords – such as a sibling's name (posted by 23 per cent), a pet's name (posted by a quarter of girls), and even mother's maiden name (posted by 2 per cent), fraudsters have enough information to obtain products and services in a young person's name or access existing bank or online accounts.
The ICO is so concerned that it has issued new guidance for young people using the internet which is made available on a new website launched today, www.ico.gov.uk/youngpeople
The guidance includes warnings that a "blog is for life" and can leave a permanent electronic footprint. "If you don't think you'll want it to exist somewhere in 10 years' time, don't post it."
The big three
What? A networking site which started solely for preppy American university students but swiftly became a global phenomenon within months of its 2004 launch.
Users? More than 3.5 million in the UK, thousands of whom log on daily. About 28 million active users globally. Predominantly young adults and teenagers.
Risks? Users generally have to be friends to access each others' profile pages, which increases privacy but lulls people into a false sense of security and does not protect users who accept friends whether they know them or not. Of particular concern is the wealth of personal information: 82 per cent of Facebook users list their birth date, a security question often used by banks. The Information Commissioner is also investigating a complaint from a man who says removing a profile from the site – reducing the "electronic footprint" – is very difficult.
What? One of the original networking sites. Owned by Rupert Murdoch.
Users? Approximately 78 million active users. Particularly children and young teenagers.
Risks? Users tend to leave fewer personal details on their pages than Facebook but a much greater proportion of profile pages are accessible to everyone and users often let slip private details such as phone numbers or event addresses on profile walls. Because of its younger demographic, all pages registered to users under the age of 16 are private – but many young users choose to circumvent this by entering a false age. The flexibility of MySpace has been repeatedly exploited by rogue internet users, including one who managed to redirect users to a site espousing conspiracy theories over the terror attacks of 11 September 2001. The site was hit by a string of security alerts – and a bug – last year.
What? A colourful, child-friendly format that encourages users to post pictures, videos and music clips.
Users? 25 million worldwide have registered accounts. Has failed to catch on in the US and the majority of users are European. Particularly popular with young users although it only controls a 1.18 per cent share of the global social networking market.
Risks? Profiles are only private if users choose to make them so but, unlike MySpace, members under the age of 16 are not forced to keep their details private.
A recent survey of two million Bebo profiles found that one in three publicly accessible profiles belonged to children under the age of 18. Private contact details, such as email, telephone number and address are only available to direct friends.
Jerome TaylorReuse content