Now don’t get me wrong. I don’t care how many people know how old I am – I am heading toward my half century with unseemly haste. Nor am I averse to friends and acquaintances being aware of the date of my birthday. After all there might be a free drink in it.
But there is all the world of difference between your mates knowing your birthday and everyone else having access to your date of birth.
It was the banks who made dates of birth important. When they began introducing telephone, and later on-line, banking the banks decided that your date of birth should be one of the security questions that they asked to ensure that you were who you said you were. Even today if I phone up may bank to check my balance or to see if any payments have been made the first thing that their automated system demands to know is my date of birth.
So it is disappointing how many organisations, bureaucracies and institutions feel that they want to know your date of birth as well. Most of the time, of course, they have absolutely no need to know your date of birth.
They might be interested to know your age, but that is a different thing entirely. Facebook does not want children under the age of 13 to have accounts. That is fair enough. But do they really need to know your date of birth. A simple check box declaring that you are over 13 would do. Still, at least they do not display your date of birth (unless you allow them to do so).
Even more bizarre are those organisations that demand your date of birth, but do not even want to know how old you are. Take the Football Association. A few weeks ago I was working on a project about St George and needed some photos of people waving the flag of St George. A football crowd, I thought, would be perfect.
I guessed the FA might have a photo collection I could tap into so I went to their website. There was no obvious photo library on offer, but I assumed that they would have photos to sell to journalists and so sought to contact them. There was no phone number and no email address. The only contact point was an enquiry form to fill in. But it was impossible to send that form without first having a Football Association Number – termed a FAN. So then I had to apply for a FAN. To get one I had to provide the FA with my date of birth. So effectively you can not contact the FA without first giving them your date of birth. Remember this is for any query at all.
The casual nature of the request for this information is breath taking. Why does the FA want it? What will they do with it?
Sadly the FA is not alone. These days all organisations are at it. I wanted to get on the mailing list for our local Fun Farm that my little daughter likes to visit. What was one of the questions? My date of birth. They might have reason to be interested in my daughter’s age, but why mine? I asked the girl on reception. She did not know. I did not fill in the information, but added a note asking why they wanted the information. I never got an answer.
Which brings us back to banks. One might have thought that with every organization under the sun wanting to know our date of birth the banks might have moved on to other security checks. Well, my bank has given me a number to use when phoning them up. For some reason this is a different number to the PIN I use with my bank card. Fine. But they still ask for my date of birth – and urge me not to disclose it.
Even worse, when they phoned me up they started by asking me for my date of birth. I’m not being caught by that, I thought, and refused. I told them that they urge me to keep that information private. I wasn’t going to hand it out to any Tom, Dick or Harriette. They said they could not continue the phone call until I had verified my identity with the security information. Fine, I said, I will phone you back. They agreed and told me who to ask for once I had phoned the central bank answering service. So I did.
And the first thing they asked me for was my date of birth.
Guest post by Rupert Matthews.
Faced with a webpage that insists on a date of birth, I usually offer 1-1-1900.
There is a technology that allows you to prove on-line that you are old enough without disclosing your actual age. This is surely the way to go for all personal data.
How different is that from the ID Database and the NHS Spine which wanted to know everything and make that available to anyone who was entitled to ask.
Posted by: Chris | 11/02/2011 at 12:08 PM
Where possible, give a false DOB, and then explicitly state that you have given a false DOB as a matter of principle.
Posted by: Richard Craven | 11/02/2011 at 01:15 PM
@Chris
I used to do the same but recently a website told me "you appear to be 111 years old. Please ensure you have entered your date of birth correctly", and it would not allow me to move on to the next page. So now my DOB is 1.1.1910. Fortunately the site did accept 101 year olds.
Posted by: Tor Fan | 11/02/2011 at 01:36 PM
My name, address, date of birth and mother's maiden name are all in Debrett as are my children's and many thousands of other people. Using information which is in the public domain as security credentials is worse than useless.
Posted by: D | 11/02/2011 at 02:58 PM
I now refuse to give my date of birth. I see no reason for others to have this information - are we not supposed to be living in a society where ageism is not PC? But refusing to provide your date of birth causes no end of problems because so many companies now use it as part of their security questioning. When refused recently for anything to proceed during a phone call because of my refusal to give my date of birth I was told it was the law and I had to provide it for data protection purposes. No I didn't I told them and promptly contacted the ICO who confirmed what I already believed that companies have a duty to confirm identity of the caller for say banks or insurance companies etc but that does not mean having to provide date of birth - other security questions can be asked instead (and others that are not doubt more secure). This has come as a surprise to the company and it is now under investigation. It never fails to amaze me how easily people will give up their personal data just because someone asks them for it. If more people refused then I would no longer hear what I hear regularly - no-one else has ever refused etc etc etc. As I have pointed out to companies - you do not need to put my date of birth on correspondence because I know what it is thank you. Prescriptions - that's the next one that needs to be tackled - why on earth do doctors etc put your date of birth on everything? I could go on and on and on about dobs.........................
Posted by: nodob | 11/02/2011 at 04:15 PM
MBNA take the biscuit (a card I no longer have I hasten to add)
Phone rings.
MBNA: "This is MBNA here, could you tell me your password"
(literally, first thing they say)
Me: "If I rang you up at home and said 'MBNA here, could you tell me your password' what would you do ?"
MBNA: blah blah etc
(eventually I'm classed as a 'difficult' customer)
I mean, really !!
Posted by: Purlieu | 13/02/2011 at 07:47 PM
There was a thing on facebook recently where everyone was asked to post their maiden name as their status. I was surprised at how many of my friends obliged - even after I pointed out that this was a common security question!
Posted by: Penny Webster-Brown | 14/02/2011 at 11:51 AM
Your date of birth is, of course, a matter of public record. Anyone can visit the relevant public records office and obtain the details from your birth certificate.
The banks, and everyone else for that matter, need to stop using information that is already in the public domain as a way of identifying their customers.
The best way to do that, ironically, would be for the government to issue identity cards, but it would have to be done carefully and with a lot of thought about peoples’ privacy, rather than the way the Labour government came up with. (Identity cards, for the record, are not necessarily the huge privacy issue everyone assumes, *IF* they were designed properly.)
Posted by: alastair | 14/02/2011 at 12:41 PM
@alastair I think banks etc need to be clearer about when they need the information for identity disambiguation, and when they are using it as a shared security secret. DoB is fine for the former if needed, but useless for the latter.
Posted by: D | 14/02/2011 at 03:27 PM
I was recently stopped in the street by a charity canvaser (chugger) and agreed to sign up for a monthly donation to the charity she represented. She started going through the list of questions she needed answers to on her subscription form and soon came to "date of birth". I said that I did not need to give date of birth to make charitable donations and she replied that "you have to give it". For a few moments we discussed why it was necessary to give date of birth and then I told her that she either gets me signed up with XX XX XXXX in the date of birth section or I will head off down the High Street. She put XX XX XXXX for DoB and I signed up. Just say no when the nosey *uggers ask for data they do not need. Steve C - DoB 15 10 1954. I do not mind giving DoB when I choose to but I do not like being told I have to give it when there is no need.
Posted by: Steve Caroll | 15/02/2011 at 12:30 AM
i have just recieved a call from a company an i refused to give my dob she got right stroppy so hung up on her
Posted by: trish | 10/05/2011 at 01:18 PM