Pleeeease let's not have these as encrypted spreadsheets that could get 'lost'/made public once decrypted - too simplistic and prey to the CD/memory stick scenario.

Better to have some mechanism that could update the agencies' systems in a secure manner - e.g. agency sends encrypted (new key each month !) name/DOB/temporary record ID list to registrar's office, office sends back (encrypted) record ID of records to be updated.

Or something better that someone PAID to be good at such things has come up with - Schneier or Anderson for example.

... someone presses the wrong key or mis-spells a name and some poor (but perfectly alive) sod finds that his credit cards have all been cancelled because "the computer says you're dead"!

If someone takes the identity of a dead person, is it illegal to kill them since technically they are already dead?

Quote - "But it didn't stop Amex sending an unsolicited credit card to a name I made up for a third party online survey, whose name they then flogged to Amex, who then decided that he must be worthy of a credit card, even though he DOESN'T EXIST!"

Where was this online survey? I coul ddo with a few credit cards, particularly in names of people who don't exist ;)