Legal help for data breach compensation claims

My voice is my password system raises eyebrows

Start Your Claim Today!

Your privacy is extremely important to us. Read how we handle your data in our Privacy Policy

There has been some recent controversary over the government’s use of the ‘my voice is my password’ system.

Privacy campaigners have reportedly called for HRMC to delete the millions of recordings they hold for people who use the ‘my voice is my password’ system because they’ve failed to gain clear and proper consent from users of the system. The government say that the system is secure, and they have relied on implied consent; but privacy watchdogs are concerned over consent, security and storage.

Eyebrows have certainly been raised…

The ‘my voice is my password’ system criticised

The ‘my voice is my password’ has faced heavy criticism recently from privacy watchdogs who say that the HMRC should delete the millions of recordings they have of people’s voices.

With some 5.1m callers in a recent annual period, the use of HMRC’s ‘voiceprints’ is being probed because they’ve reportedly failed to ask for proper permission to store and use the recordings. It’s understood that HMRC are changing the way they gain consent for people to use the ‘my voice is my password’ system, but they have until now relied on implied consent from users.

It’s important to know that implied consent does not always constitute as proper consent.

Concerns over ‘my voice is my password’ security

Concerns have also been raised over the security of the ‘my voice is my password’ system used by HMRC.

What if the system was hacked? They’re not the only ones using the system, as some high street banks use it as well. With a failure to gain proper consent comes the worry that they have perhaps failed to properly secure the voice recordings, but HMRC say that the system is secure.

Still, if it was ever hacked, people would have every right to be incredibly worried. You can change a password, but it’s not so easy to change your voice! Plus, the system can reportedly be fooled by people who have similar voices, such as siblings.

The public sector is already heavily targeted because of security vulnerabilities. Last year’s WannaCry attack was a huge example of this.

What about GDPR?

The issue over consent for the ‘my voice is my password’ system is exactly the kind of hot water an organisation could land themselves in by the simple act of not doing something completely right.

Whether there will be a GDPR fine or not remains to be seen, but assuming implied consent is OK for something like this could be the downfall of an organisation that finds themselves on the wrong end of the law.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a call back from our team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.

First published by Matthew on August 21, 2018
Posted in the following categories: Cybersecurity Security and tagged with |


Poole Hospital data breach
Signed undertaking over Humberside police data breach