Print

Print
I'm going with "Fairly (and lawfully) processed"

It is not fair to distribute your date of birth because it was not intended to be processed for this purpose. An exception might be if the DOB is not ever revealed to anyone except you during the password reset process (ie is by a totally automatic system and is one way encrypted as the password on the access control system)


On 10 Aug 2010, at 16:48, Mark van Harmelen wrote:

Hi all

One would think that I could type words without sending an email...  let me try again


Working sometimes for a university, I was a bit shocked when I received this in an email....

The password ...... I have reset that to be your date of birth in the form YYYYMMDD.

ie my DoB is in the central HR system, it then gets passed to a central IT system, and local departmental system administrators can access that information. They cunningly use a user's DoB as a password when resetting passwords, in order not to mail passwords around in plain text.

But isn't my DoB my personal data that should be safely guarded by the HR department?

If someone can quote chapter and verse to me such that I can get our uni's data protection officer to change things, then that would be great.

Thanks
mark

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)

Tim Trent - Consultant
Tel: +44 (0)7710 126618
web: ComplianceAndPrivacy.com - where busy executives go to find the news first
personal blog: timtrent.blogspot.com/ - news, views, and opinions
personal website: Tim's Personal Website - more than anyone needs to know

Marketing by Permission

Important: This message is private and confidential. If you have received this message in error, please notify us and remove it from your system. This email and any attachment(s) are believed to be virus-free, but it is the responsibility of the recipient to make all the necessary virus checks. This email and any attachments to it are copyright of Meadowood Associates, owners of Compliance And Privacy, unless otherwise stated. Their copying, transmission, reproduction in whole or in part may only be undertaken with the express permission, in writing, of Meadowood Associates, at Meadowood House, 30 Redditch, Bracknell, Berkshire, RG12 0TT.

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)