Four problems (at least)
1. The OIC "disapprove" of national identifiers being used for purposes
other than those for which they were issued
2. NI numbers are massively insecure - by definition an access code should
be known only to the person using it
3. Do you trust all the people who already have access/will have access to
NI numbers
4.How do you stop fishing/unwarranted monitoring
In short don't go there.
Alasdair Warwood
----- Original Message -----
From: "Paula Owen" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, May 09, 2002 3:36 PM
Subject: Use of NI numbers for usernames
> Hello All
>
> This is my first query to the list, although I have been following the
> various trails for a few months and find them very useful.
>
> Here goes. We are looking at ways of tightening up data security (in
> anticipation of maybe going for ISO 17799). At the moment we are pretty
> lax about usernames, email aliases and passwords, we need to tighten this
> up.
>
> My IT guy has suggested that instead of our current (easily guessible)
> Username protocol we get people to use their NI numbers (as thier
Username)
> instead. Can anyone see real problems with asking staff to use their NI
> number?? The HR dept and Finance already have this number on file for
> obvious reasons, so its just the IT guys who would have access to it too
> (although they probably already have through Admin privileges on our
> Finance system). Your NI number is not sensitive personal data either - I
> think? So would there be any other problems with this approach?
>
> Thanks for any help and advice in advance
>
> Paula
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|