In message <[log in to unmask]>, at
11:10:13 on Wed, 21 Jun 2006, Ian Welton <[log in to unmask]> writes
>> What needs fixing is the lack of robustness in the authentication
>> process (a system that relies upon Security by [not very much]
>> Obscurity), rather than trying to maintain the elusive obscurity of
>> things like SS (or National Insurance) number being regarded as a
>> "secret".
>
>I disagree. Disregarding the use of any particular set of personal data for
>unintended/illegitimate purposes the root issue appears to be the difference
>in real organisational security of personal data against the actual and
>potentially diverse individual requirements of customers.
What I observed in the USA (I lived there for a while) was not so much
people losing my information [I think mandatory reporting of breeches
probably makes the situation sound worse that it really is, compared to
the UK where we don't hear about them] but that possession of a token
like a person's Social Security number was very powerful and could be
misused.
Over here, not only is the NI number not so widely used, but people ask
for proof of your NI number, not simply for you to be able to quote it.
It's a bit like the "mothers maiden name" thing.
--
Roland Perry
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|