Roland Perry on 22 June 2006 at 09:26 said:-
> >I disagree. Disregarding the use of any particular set of personal
> >data for unintended/illegitimate purposes the root issue
> appears to be
> >the difference in real organisational security of personal
> data against
> >the actual and potentially diverse individual requirements of
> >customers.
>
> What I observed in the USA (I lived there for a while) was
> not so much
> people losing my information [I think mandatory reporting of breeches
> probably makes the situation sound worse that it really is,
> compared to
> the UK where we don't hear about them] but that possession of a token
> like a person's Social Security number was very powerful and could be
> misused.
>
> Over here, not only is the NI number not so widely used, but
> people ask
> for proof of your NI number, not simply for you to be able to
> quote it.
> It's a bit like the "mothers maiden name" thing.
Your observation regarding mandatory reporting of breeches in the USA
certainly seems to create some focus to apply appropriate security measures
rather than generating pressures to suppress personal data problems and
security is not seen as requiring addressing. Could that be perceived as an
indicator between a primary focus between action v spin or flexibility v
rigidity?
The unintended use of the USA SS number for wider purposes has previously
been given as a cause by some for many of the existing vulnerabilities and
potential for misuse.
Whilst not necessarily so widely reported (and possibly not so widespread) I
understand that the UK NI number is not invulnerable to misuse and abuse,
perhaps that is why when used for the original purpose additional proof is
required.
The context within the purpose for personal data is what makes it most
accurate and valuable to all parties involved. Changing that context not
only bypasses the purpose it can reduce the value of any relationship.
Sadly where data subjects are concerned value can be shifted between data
subjects and organisations by using data for other purposes, and as there is
very little chance for recompense for data subjects many organisations will
no doubt continue to largely ignore any original context and purpose
resulting in situations similar to the USA SS number one where some have
even stated the whole USA SS apparatus needs replacing as a result.
Generically not too dissimilar to reported personal privacy issuances.
One could say that data protection has its purpose.
Ian
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.2/372 - Release Date: 6/21/06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|