[LINK] Intriguing demand for information
Roger.Clarke at xamax.com.au
Thu Jan 1 11:55:19 AEDT 2015
Agreed to all of the below, but ...
(1) it's up to the organisation asking for the information to justify their request/demand - and, weak as both Australian data protection law and its enforcement may be, there is actually a hook in the law that the organisation can be hung on
(2) as a systems analyst of (too) long standing, I'm prepared to allow for the possibility that there *could* be a justification. (But I prefer to hold fire on that aspect, pending a response from the organisation).
In my rush to get away from my desk last night, I failed to take the opportunity to wish everyone a Happy New Year.
Here's the greeting that I sent the privacy list:
>UK ICO's web-site discloses that, during 2014, it levied Stg 870,000 in fines on 8 organisations that "deliberately or recklessly" breached data protection law.
>We wish for a Happy New, Sanction-Filled Year (:-)}
At 11:22 +1100 1/1/15, Ivan Trundle wrote:
>Roger's follow-up is as succinct as ever, but the overriding question, from my perspective, is 'In whose interest is it to have this information, and what does it achieve?'
>I can buy and sell all manner of goods and services via the web, and have yet to have to prove that I am who I am by anything other than a credit card.
>It begs the question of why a seller of good and services deems this a requirement - what are they selling that invites fraud, what security procedures and protocols do them employ to ensure that a transaction is what it seems?
>You could spin this one around and ask what protocols are in place for phone orders, for example.
>I agree, though, David - anything can be 'validated' with no effort on the part of an amateur miscreant.
>> On 31 Dec 2014, at 8:12 pm, David Boxall <linkdb at boxall.name> wrote:
>> Hi all,
>> I'm puzzling over the message below.
>> Given the ease with which a scan can be falsified, would providing scans
>> of documents really validate anything?
>> In view of the information on the documents they demand, are they in
>> violation of privacy legislation?
>> And yes, I'm aware that some customers of the site have had problems.
>> David Boxall | I have not yet begun to fight!
>> | --John Paul Jones
>> http://david.boxall.id.au |
>> -------- Forwarded Message --------
>> Subject: Please help us to validate your ValueBasket.com.au order (...)
>> Date: Wed, 31 Dec 2014 04:03:58 +0000
>> From: agatha at valuebasket.com
>> To: ...
>> ValueBasket.com.au 332140-663033
>> Dear David,
>> Thank you for placing an order with ValueBasket.com.au
>> With regards to your purchase made on 30/12/2014 , I am sorry to inform
>> you that your order is temporarily on hold. To protect our customers
>> from potentially fraudulent online activities, it is our policy to put
>> all orders through a rigorous screening process, and on occasion some
>> are held for further manual verification.
>> This verification process requires you to provide us with some documents
>> that serve as proof of your address and identity. This is a fairly
>> standard industry procedure ? for your information I have provided some
>> examples of other websites which adopt a similar process at the bottom
>> of this email.
>> In order to allow us to continue processing your order, could you please
>> provide us with the following documentation:
>> * Billing Address proof (Your most current utility bill for your
>> electricity, water, etc)
>> * Photo ID such as driving license, passport, etc.
>> While I understand that you might be reluctant to reveal your personal
>> information, here at ValueBasket.com.au, we take the security and
>> privacy of our customers very seriously. Therefore, I hope you
>> understand that by asking for these documents, we are doing our best to
>> protect both your interests and ours.
>> Your immediate assistance will be greatly appreciated, as we look
>> forward to continue processing your order.
>> Please attach the documents with your reply to this email, and if you
>> have any other concerns, please don?t hesitate to let us know in your reply.
>> A variety of online retailers use similar security procedures, including:
>> * B&H photo:
>> * Mvixusa.com: http://mvixusa.com/kb.php?id=61
>> * Tristatecamera.com: http://www.tristatecamera.com/faq.php
>> Link mailing list
>> Link at mailman.anu.edu.au
>Link mailing list
>Link at mailman.anu.edu.au
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916 http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law University of N.S.W.
Visiting Professor in Computer Science Australian National University
More information about the Link