"The model we currently have means that organisations have too much data. In a typical e-commerce transaction, for example, the merchant wants to collect more information as the value of that transaction goes up. But then so does their liability and risk," he said. "There should be a change in that thought process."
Another example is the amount of employee data stored by companies, including for background checks, medical insurance and salary payments.
One possible solution is for companies to develop third-party data verification services, and act as intermediaries for e-commerce merchants and other organisations.
"If you take a typical e-commerce scenario, a company might want to carry out age verification and try to match the name, address and date of birth against that," said Gebel.
"If there were an intermediary who could vouch for the buyer's age, that is much safer for the merchant as they do not need to collect lots of data, and safer for the consumer as they are not sharing data."
Possible contenders to serve as data intermediaries could be communications providers such as BT or Vodafone, the Royal Mail or banks, according to Gebel.
"But they would have to operate in different ways to how they do today, acting for the consumer rather than the organisation," he said. "It could also be a new type of business that evolves, for example the next Amazon or eBay."
However, Gebel did not see an opportunity for this intermediary notion to be linked with the UK government's ID cards plans. In the past, it had been suggested that businesses would be able to use the ID cards scheme for employee authentication purposes.
"The UK government has such low credibility, both around ID cards and losing laptops. I do not see how they could do anything in the short-term; they first need to demonstrate proper handling of data."
Gebel was also concerned about the continuing problems with data breaches. " The fact that we are actually seeing more data leaks than ever is incredible," he said.
"Is it sloppy handling or incompetence? At this point you would expect government departments and companies to have improved their processes. Organisations need to change, as we have reached a precipice.
"But rather than more privacy laws being introduced, I would prefer to see the consuming public reacting in a way that punishes businesses and their actions, although that does not help with governments."
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
