Originally Posted by
bisonrav
One year isn't really enough.
Agreed. I think 2 years is appropriate. I had separately registered for CIFAS prior to this incident and from memory that is active for 2 years which is when they expect most fraud to occur after data loss.