KIT and others wrote:
"The password they use is the secure part - or should be - of the entry key."
Agree totally - and on a totally pragmatic point I have known users who
had difficulty remembering their surnames as their user names and their
kids/wives/girlfriends/boyfriends names as their passwords!! What
chance will they have remembering/memorising an NI no.??
Peter
Peter Wilson
Legislative Compliance & HR Information Officer
Department of Human Resources
University of Paisley
0141-848-3703
[log in to unmask]
>>> <[log in to unmask]> 05/10/02 07:42am >>>
In a message dated 09/05/2002 15:50:55 GMT Daylight Time,
[log in to unmask]
writes:
<< Can anyone see real problems with asking staff to use their NI number?? The HR dept and Finance already have this number on file for obvious reasons, so it's just the IT guys who would have access to it too (although they probably already have through Admin privileges on our Finance system). Your NI number is not sensitive personal data either - I think? So would there be any other problems with this approach? >>
---------
It would almost certainly be in breach of the third Principle of the DPA98 to use a person's NI number for anything other than national insurance, tax or benefits purposes. It cannot even be used as an internal identifier to avoid record duplication.
Some organisations ask for NI numbers on job application forms - even though it is excessive data if the person is not employed. It is better to collect such information when you appoint.
Once collected, it should be held securely - although not classed as "sensitive" in the Act, there is a legitimate expectation that it is not made generally available and only used for NI/tax/benefits purposes. It might be a good idea to restrict access to personnel records and if your IT staff have "back door" entry facilities to the data it might be worth closing such facilities or installing a low-level audit trail.
User names need not be secure, it could be the person's own name or payroll number. The password they use is the secure part - or should be - of the entry key.
Ian Buckland
Managing Director
Keep IT Legal Ltd
Please Note: The information contained in this document does not replace or negate the need for proper legal advice and/or representation. It is essential that you do not rely upon any advice given without contacting your solicitor. If you need further explanation of any points raised please contact Keep I.T. Legal Ltd at the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Legal disclaimer
--------------------------
The information transmitted is the property of the University of Paisley and is intended only for the person or entity
to which it is addressed and may contain confidential and/or privileged material. Statements and opinions expressed in this
e-mail may not represent those of the company. Any review, retransmission, dissemination and other use of, or taking
of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited.
If you received this in error, please contact the sender immediately and delete the material from any computer.
--------------------------