Matthew Nunn posted - "Also, in more general terms, do other institutions have a policy for dealing with general personal telephone enquiries. Do you have any policies whereby you use a student number as a means of identifying individuals? Or do you trust the caller that they are who they say they are? If the information is particularly sensitive then I believe that calling the person back on a number already recorded by the student themselves at enrolment is sensible". ............ The e-envoy website has some useful guidance on authentication levels and verification issues. The authentication framework is at www.e-envoy.gov.uk/publications/frameworks/authentication/contents.htm and the caller validation for govt. call centres is www.e-envoy.gov.uk/publications/frameworks/callcentres/guidelines.htm (I've listed htm format, but the docs are also available in a number of formats) regards Su Su Goulding Legal Officer, NSPCC 020-7825-1393 [log in to unmask] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - www.jiscmail.ac.uk/user-manual/summary-user-commands.htm all commands go to [log in to unmask] not the list please! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^