Dear all
I do not want to insist necessarely on the point of 'enforcement' but there must be a DPA reference to acknowledge requests for password changes. What do you think? I have been finding surprising results while assessing these apparently dull and basic procedures.
For instance, another website / portal, besides the Transport for London procurement one, that seems not reactive or reacting inconsistently is NHS Choices. Conversely, I have found small businesses surprisingly safer than big ones and some procedures are designed in a very complicated way, that inevitably may lead the real owners to errors under panic whilst fraudsters can be obviously able to keep calm and follow their procedures to impersonate others.
HMRC online procedure (they have also a paper based alternative) is in this respect very challenging but it is quite straighforward and it works fast (if you are the real owner of the account). Professional associations and websites with access control and authentication interely relying on a certain platform are the weakest.
These are my small survey results. But as I said understanding what you think should or may be the references under DPA or other relevant legislation to force compliance on this point would be very appreciated.
Brunella Longo
Information Management Adviser
http://www.brunellalongo.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|