“A fool and his money are soon parted,” so the saying goes. And ever since the advent of online gambling, fools have never been so quickly parted from both their hard-earned cash – and their personal information.
That, at least, is the claim of Simon Davies, the founder of Privacy International. In 2010, Davies conducted an experiment with a number of online gambling operators to find out how they dealt with the information they collect.
This includes not just the data they gather as customers gamble away their money, but also the sensitive identification documents they typically demand before opening an account. “It is routine for sites to demand passport and credit card scans, driver’s licences, utility bills and other personal documents,” wrote Davies in a report.
Did they, Davies wanted to know, comply with the UK Data Protection Act and keep the information only for as long as necessary?
No, was the blunt answer. “All the available evidence indicates that this information is stored permanently,” says Davies.
When sites were pushed by Davies to close his account and delete all his data, most refused, with many citing anti-money laundering laws as justification for keeping his personal data indefinitely.
In the case of 32Red, it even offered him free chips first before turning down his request on anti-money laundering grounds.
Identity theft threat
The problem, says Susan Hall, partner and IT specialist at Cobbetts, is that the documents demanded by online gambling sites are also ideal for conducting identity theft.
“Every time the law requires that an organisation generates or collects personal data, you are creating another point at which an identity theft can occur,” says Hall.
She adds: “[Anti-money laundering legislation is] actually putting an obligation on organisations to have exactly the sort of information on file that would be of interest to an identity thief.”
Furthermore, an estimated two-thirds of the online gaming of British citizens is conducted on sites outside of the UK, outside the reach of regulators such as the Information Commissioner's Office (ICO).