[LINK] Intriguing demand for information

Thu Jan 1 11:55:19 AEDT 2015

Agreed to all of the below, but ...

(1)  it's up to the organisation asking for the information to justify their request/demand - and, weak as both Australian data protection law and its enforcement may be, there is actually a hook in the law that the organisation can be hung on

(2)  as a systems analyst of (too) long standing, I'm prepared to allow for the possibility that there *could* be a justification.  (But I prefer to hold fire on that aspect, pending a response from the organisation).

In my rush to get away from my desk last night, I failed to take the opportunity to wish everyone a Happy New Year.

Here's the greeting that I sent the privacy list:
>UK ICO's web-site discloses that, during 2014, it levied Stg 870,000 in fines on 8 organisations that "deliberately or recklessly" breached data protection law.
>https://ico.org.uk/action-weve-taken/enforcement
>
>We wish for a Happy New, Sanction-Filled Year  (:-)}

_____________

At 11:22 +1100 1/1/15, Ivan Trundle wrote:
>Roger's follow-up is as succinct as ever, but the overriding question, from my perspective, is 'In whose interest is it to have this information, and what does it achieve?'
>
>I can buy and sell all manner of goods and services via the web, and have yet to have to prove that I am who I am by anything other than a credit card.
>
>It begs the question of why a seller of good and services deems this a requirement - what are they selling that invites fraud, what security procedures and protocols do them employ to ensure that a transaction is what it seems?
>
>You could spin this one around and ask what protocols are in place for phone orders, for example.
>
>I agree, though, David - anything can be 'validated' with no effort on the part of an amateur miscreant.
>
>iT
>
>
>> On 31 Dec 2014, at 8:12 pm, David Boxall <linkdb at boxall.name> wrote:
>> 
>> Hi all,
>> 
>> I'm puzzling over the message below.
>> Given the ease with which a scan can be falsified, would providing scans 
>> of documents really validate anything?
>> In view of the information on the documents they demand, are they in 
>> violation of privacy legislation?
>> 
>> And yes, I'm aware that some customers of the site have had problems.
>> 
>> -- 
>> David Boxall                    |  I have not yet begun to fight!
>>                                |          --John Paul Jones
>> http://david.boxall.id.au       |
>> 
>> 
>> 
>> -------- Forwarded Message --------
>> Subject: 	Please help us to validate your ValueBasket.com.au order (...)
>> Date: 	Wed, 31 Dec 2014 04:03:58 +0000
>> From: 	agatha at valuebasket.com
>> To: 	...
>> 
>> 
>> 
>> ValueBasket.com.au 332140-663033
>> 
>> Dear David,
>> 
>> Thank you for placing an order with ValueBasket.com.au
>> 
>> ...
>> 
>> With regards to your purchase made on 30/12/2014 , I am sorry to inform 
>> you that your order is temporarily on hold. To protect our customers 
>> from potentially fraudulent online activities, it is our policy to put 
>> all orders through a rigorous screening process, and on occasion some 
>> are held for further manual verification.
>> 
>> This verification process requires you to provide us with some documents 
>> that serve as proof of your address and identity. This is a fairly 
>> standard industry procedure ? for your information I have provided some 
>> examples of other websites which adopt a similar process at the bottom 
>> of this email.
>> 
>> In order to allow us to continue processing your order, could you please 
>> provide us with the following documentation:
>> 
>>  * Billing Address proof (Your most current utility bill for your
>>    electricity, water, etc)
>>  * Photo ID such as driving license, passport, etc.
>> 
>> 
>> 
>> 
>> While I understand that you might be reluctant to reveal your personal 
>> information, here at ValueBasket.com.au, we take the security and 
>> privacy of our customers very seriously. Therefore, I hope you 
>> understand that by asking for these documents, we are doing our best to 
>> protect both your interests and ours.
>> 
>> Your immediate assistance will be greatly appreciated, as we look 
>> forward to continue processing your order.
>> 
>> Please attach the documents with your reply to this email, and if you 
>> have any other concerns, please don?t hesitate to let us know in your reply.
>> 
>> ...
>> A variety of online retailers use similar security procedures, including:
>> 
>>  * B&H photo:
>>    http://www.bhphotovideo.com/find/HelpCenter/Verification.jsp
>>    <http://www.bhphotovideo.com/find/HelpCenter/Verification.jsp>
>>  * Mvixusa.com: http://mvixusa.com/kb.php?id=61
>>    <http://mvixusa.com/kb.php?id=61>
>>  * Tristatecamera.com: http://www.tristatecamera.com/faq.php
>>    <http://www.tristatecamera.com/faq.php>
>> 
>> 
>> 
>> 
>> _______________________________________________
>> Link mailing list
>> Link at mailman.anu.edu.au
>> http://mailman.anu.edu.au/mailman/listinfo/link
>
>
>_______________________________________________
>Link mailing list
>Link at mailman.anu.edu.au
>http://mailman.anu.edu.au/mailman/listinfo/link

-- 
Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916                        http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/ 

Visiting Professor in the Faculty of Law            University of N.S.W.
Visiting Professor in Computer Science    Australian National University