In message <[log in to unmask]>, at 07:04:48 on Tue, 31 Oct 2006, Tony Bowden <[log in to unmask]> writes >I think a good rule of thumb is that you should not be requesting any >form that ID that provides any data that you don't already (legitimately) >hold on the data subject. > >i.e. proving identity should not involve revealing more information >than would already be known. That's an interesting approach. Should I get some sort of certified copy of my birth certificate that redacts the things you didn't already know (like names of parents, place I was born, and maybe even my date of birth?) Is what is left sufficiently useful? -- Roland Perry ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^