Roland Perry 24 April 2004 at 21:08 said:-
> That's only less secure if for some reason you know their
> Christian name is their mother's maiden name.
There are a few relatively common security questions which most businesses
record, and then ask. So if some of the PI/information/hacking groups are
to be believed you merely have find out the answer to those few questions
prior to making any approach.
ID would be even easier, many organisations would record the ID number and
rely upon that. So obtain the ID number prior to making the approach. And
as it will be recorded at many places that should not be difficult.
Principle seven compliance can be proven, but does the method show adequate
(state of the art) security?
If you are a person who really needs security you would certainly need to
avoid those types of security check by making up different details, or (and
probably more secure) us false personal data.
A little bit like circulating people on the internet as wanted, when you
analyse the situation and add costs of escorting offenders back to court,
provided they are in the country, or that the country they have been found
in has relevant extradition treaties, all is not as simple as it initially
seems.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Roland Perry
> Sent: 24 April 2004 21:08
> To: [log in to unmask]
> Subject: Re: "Most people" happy with ID cards
>
>
> In message <[log in to unmask]>,
> J.S.M.Whitaker <[log in to unmask]> writes
> >And what about those of us who have their mother's maiden
> name as one
> >of their Christian names? Not uncommon so blows some common
> "security"
> >questions into the weeds.
>
> That's only less secure if for some reason you know their
> Christian name is their mother's maiden name. For example, if
> my mother's maiden name was Roland, how would you know?
> --
> Roland Perry
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list
> please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|