It looks very worrying to me. It seems to be a fraudster's charter if it is
widely accessible. It will also make it very difficult for many statutory
authorities. At present they are often willing to deal with the public or
representatives of the public on receipt of such personal details as they
think are necessary in order to verify identity. These may be things such as
date of birth, NI number etc. If these details are freely available what
will organizations be able to ask for as proof of ID? Maybe an identity
card? Back door method of making identity cards compulsary?
These are purely personal views.
Tony Smith
-----Original Message-----
From: Lewis Bourne [mailto:[log in to unmask]]
Sent: Wednesday, September 26, 2001 3:01 PM
To: [log in to unmask]
Subject: British Standard for Identifying a citizen
Perhaps members would be interested in commenting on the following:
I have been contacted by a colleague who is working in a virtual working
party tasked with developing BS8766 "Identification and referencing of
the citizen" naming standard.
This is still a concept with no specific timeframe but has been given
added vitality by recent comments about a national I.D card.
The concept is being driven by the I&DeA (Improvement and development
agency) and their aspiration to have a National name and address
database. It is also linked in with the National Electronic Electoral
Rolling Register.
The bottom line in all this is that citizens can inform local or central
government once about e.g. a move of house or any other life event and
everyone will be informed in one go.
The national address convention already exists. What BS8766 aims to do
is to introduce a convention for identifying a citizen. This standard
is still very much in a consultative stage (smoke filled rooms). My
initial comment was "Has the group had any Data Protection input"
comment received was "DPA has been mentioned and the idea would be that
the framework will only be put in place if citizens give consent!!"
The I&DeA are being driven by Local Authorities. I am led to believe
that Central Government is doing a similar thing through UK Online -
somewhere, somehow the two may come together. My concern is that this
process may be overlooking the requirements of the Data Protection Act.
For your additional information I have reproduced a draft 'table' that
covers the suggested format of recording a citizens name record and,
also some "virtual working group" ideas for how citizens can be
referenced locally:
The groups comments re: the DP consequences of such a concept would be
useful
DATA ITEM: Proposed Field Name: Field Length:
Mandatory Y/N: Format/comments:
Unique Pupil PUPILUPN 13
N Could be used as
Number
identifier for school
age citizens.
National NATINSNO ?
N Where available, and
Insurance
citizen permits use
Number
can be used as
identifier, may be used
in combination with
other identifiers.
DVLA Drivers
licence number DVLALICNO ?
N Where available and
citzen permits use.
Passport Number PASSPRTNO ?
N Where available and
citizen permits use.
Electoral Roll
Number ELEROLLNO ?
N Where available and
citizen permits use.
Unique Tax
Reference UNIQTAX ?
N Where available and
citizen permits use.
Last Name LASTNAME 30
Y Legal last name.
First Name FIRSTNAME 15
N Full first name.
Other Names 25
N Any character string
Date of Birth DOB 8
Y Date format
ddmmyyyy
other info is Gender, Former names, Ethnicity, Nationality, mother
tongue, preferred language, refugee indicator, Religious affiliation,
medical conditions, various property details.
You get the idea!
My initial thoughts go along the lines of Fairness - how will all this
be obtained?, lawful - 'general identifiers' NO even if 'citizen' gives
consent. Excessive - is all this required for the business purpose (is
the purpose transparent?). Need I go on?
Any views.
Lewis Bourne
Principal Information Security Officer
I.C.T. Services
This e-mail contains proprietary information some of which
or all of which may be legally privileged. It is for the
intended recipient only. If an addressing or transmission
error has misdirected the e-mail, please notify the author by
replying to this email. If you are not the intended recipient
you must not use, disclose, distribute, copy, print or rely
on this e-mail.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|