Client asked to see CRB disclosure- some questions for you all

[HonestJosesphine]

I do some freelance work that involves children. I've been doing this for almost 40 years and have been freelance for almost 20, in addition to being an employee for some of that time.
I've recently been asked to show a new potential client ( private individual) my CRB clearance which I have done by scanning- their request.
I am now kicking myself a bit because it contains confidential information such as my DOB, place of birth, current address etc.
In so much as they want to trust me, I also have to trust them not to misuse this information- especially my DOB which is no one's business.
I have asked them to destroy the file once read but now an thinking I should not have sent anyway - anyone else who has seen it has done so in person and not had a copy emailed.
Is there anything I can do to protect myself from potential identity theft etc with this type of issue?

I don't wish to minimise your concerns but I really think a client using your address, DOB and place of birth for identify theft, or passing that information on is unlikely in the extreme. That's pretty basic information anyway, not financial or anything like that.

In terms of protecting yourself if you are really concerned, well you've already asked them to destroy it, which is all you can do, and in future continue as you have been previously and show clients a copy in person rather than emailing it.

Thanks.
I am not so worried about the client themselves, but about email accounts being hacked. It happens so often and some people have email accounts that are from their work, so you cannot be sure who else has access to that- in addition to the fact those accounts could be hacked.
I think you are minimising the risk, tbh ( for your own information!) because some of the information given could be used by anyone who wanted to set up rogue bank accounts, obtain passports, or even - just another thought- answer security questions that might be linked to other people's accounts or personal information.

I didn't say anything about the risks in terms of what the information could be used for, or give any indication that I don't know or can't work that out.

I said I think the chances of your information being used in this way as a result of emailing it to a client are unlikely in the extreme. Work accounts generally have very good virus/hacking protection anyway, if it's hacking you are concerned about. But that's just my view.

If someone in an email asked me for some perfectly reasonable reason what my birthdate was, or where I was born, it wouldn't occur to me to refuse to tell them over the email in case their email account was hacked by someone seeking information to set up a rogue bank account! Perhaps I'm naïve about the chances of these people hacking into email accounts, but I can't think of a single occurrence among people I know, so I'll take my chances and remain naïve.

flowery- without giving too much away here, it was a lot more than a DOB and place of birth- which some people are happy to display on Facebook etc.

The client didn't ask for my date of birth- that information is included in a CRB enhanced clearance ( as it was known) along with other info which I won't state here.

I don't want to detail the information that was sent but it included professional qualifications with reference numbers as well.

Yes, the odds are unlikely but anything that is sent via the web can be found eventually, including if the hard drives get into the wrong hands sometime.

But surely all of that info can be found out by anyone looking for it.
They always get peoples birth and marriage certificates on heirhunters
Your address will big in the phone book or electoral register

Any information you are sending to clients is covered by the Data Protection Act, they are legally obliged to keep it confidential and to do everything possible to avoid it being accessed by third parties.

Also as insancerre says, a lot of what you might consider to be private information is easily available. Your name, date and place of birth and mother's maiden name will be on various family history sites where anyone with a subscription can access it.

Sadly professional qualification numbers are really easy to come by. My professional organisation allows any one to search their database and see my professional registration number through their website and mine can be used to get controlled drugs if combined with my signature.

insancerrre
I take care to protect my personal data. I opted out of the electoral register- the one that anyone can pay to access. The only way it can be accessed is to go to the council offices and ask.
I am ex directory and not in any phone book for the same reasons.
I know about the Ancestry sites- have used them for personal family tree info - but the difference with that is someone has to register and want to find ME, rather than the information being gleaned through a mass email hack or data insecurity. I think there is a difference between it being 'findable' with effort, and shared of my own free will when there are other options.

I don't know if the Data Protection Act is relevant here- this was not emailed to a company- it was sent to an individual, using their work email for personal use.

If the person receiving the email is a client and you are involved in a business transaction then yes, the DPA does apply.

I'm also freelance, I very rarely work for companies, usually it's individual clients. Both I and they must comply with the act.

Are you concerned that this person does not have adequate security measures in place?

I've no idea Saskia.
I've been in touch with them and agreed certain steps they can take, but I also know that in some organisations colleagues access each others emails if, for example, one person is on holiday and the other colleague is covering, or they do a job share or whatever.
It's just made me more wary of what I transmit by email to people I don't know or know what kind of security is on their computer.