On Thursday, the government said that Companies House, the register for businesses in the UK, will no longer require company directors to publicly display their personal addresses.
If you wish to run a business in the UK, you are meant to register with Companies House. The information of directors and partners must be submitted, alongside annual accounts.
This is also a portal which can be used by the general public to find information related to a firm, but cyberattackers are using this resource to conduct identity theft.
ID theft in the digital age is a common problem. Information leaked through data breaches, phishing emails, and even documents thrown away and then discovered by individuals rifling through bins can all lead to the collation of enough data on a person to steal their identity.
Names, addresses -- both physical and electronic -- dates of birth, gender, telephone numbers, and more can all be used to impersonate victims.
A fraudster with some knowledge of social engineering may be able to take out loans in a victim's name, order items, and secure business credit, and use this stolen information for countless other purposes.
According to fraud prevention organization Cifas, company directors in the UK are twice as likely to become the victims of identity theft and individuals in these roles are named in one in five recorded cases of ID theft.
Part of the problem is the availability of personally identifiable information (PII) on Companies House.
New laws being introduced today will allow directors to remove their personal addresses from the official Companies House register. While they must still provide their business address, this is a step in the right direction to protect business owners from ID theft -- while not tampering with the transparent nature of the register too much.
According to the UK government, the changes have been made in response to cybercriminals using the public information of these directors to buy products online.
"There are also concerns the information is leaving company directors vulnerable to violence and intimidation," the government added. "These new regulations will also help to ensure people feel safe when setting up a new business by protecting directors from identity fraud."
Currently, personal addresses can only be removed if authorities believe there is a significant risk of violence or intimidation due to the nature of the company.
"These new laws will protect new and existing business owners from potential harm and identity fraud while ensuring we maintain our high standards of corporate transparency," said UK Business Minister Andrew Griffiths.
The new laws are expected to come into force by the end of summer 2018.