On Tue, Feb 07, 2006 at 10:18:15AM -0000, Tim Trent wrote:
> BT has also changed its website to reflect the withdrawal of the "phone
> number only" part of the service. It now requires the account number as
> well. However it has not given customers any way of opting out of that
> (more secure) portion yet.
Surely this misses the point quite spectacularly?
The issue wasn't primarily security - it was the releasing of
information without the customer's consent or knowledge.
Yes, they may have made it slightly harder for this to happen, but
reinstating the service without addressing the core issue seems be
the wrong response.
I don't recall BT ever warning me to treat my account number as completely
confidential, if anyone with it will be able to access my data. They
certainly don't treat it like a bank-card PIN or equivalent - it's
printed clearly on almost all correspondence from them, and I suspect
the percentage of the population who shred their phone bills and letters
from BT is rather small...
Tony
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|