On Mon, Oct 30, 2006 at 04:28:57PM -0000, Tim Trent wrote:
> Since people worry about ID Theft, I think it is valid to ask for serious
> ID, even for "trivial" details. This is for our protection as much as
> theirs.
> The more private the data the more security we need to deploy.
I think a good rule of thumb is that you should not be requesting any
form that ID that provides any data that you don't already (legitimately)
hold on the data subject.
i.e. proving identity should not involve revealing more information
than would already be known.
Tony
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|