Hello All
This is my first query to the list, although I have been following the
various trails for a few months and find them very useful.
Here goes. We are looking at ways of tightening up data security (in
anticipation of maybe going for ISO 17799). At the moment we are pretty
lax about usernames, email aliases and passwords, we need to tighten this
up.
My IT guy has suggested that instead of our current (easily guessible)
Username protocol we get people to use their NI numbers (as thier Username)
instead. Can anyone see real problems with asking staff to use their NI
number?? The HR dept and Finance already have this number on file for
obvious reasons, so its just the IT guys who would have access to it too
(although they probably already have through Admin privileges on our
Finance system). Your NI number is not sensitive personal data either - I
think? So would there be any other problems with this approach?
Thanks for any help and advice in advance
Paula
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|