Agreed to all of the below, but ... (1) it's up to the organisation asking for the information to justify their request/demand - and, weak as both Australian data protection law and its enforcement may be, there is actually a hook in the law that the organisation can be hung on
(2) as a systems analyst of (too) long standing, I'm prepared to allow for the possibility that there *could* be a justification. (But I prefer to hold fire on that aspect, pending a response from the organisation). In my rush to get away from my desk last night, I failed to take the opportunity to wish everyone a Happy New Year. Here's the greeting that I sent the privacy list: >UK ICO's web-site discloses that, during 2014, it levied Stg 870,000 in fines >on 8 organisations that "deliberately or recklessly" breached data protection >law. >https://ico.org.uk/action-weve-taken/enforcement > >We wish for a Happy New, Sanction-Filled Year (:-)} _____________ At 11:22 +1100 1/1/15, Ivan Trundle wrote: >Roger's follow-up is as succinct as ever, but the overriding question, from my >perspective, is 'In whose interest is it to have this information, and what >does it achieve?' > >I can buy and sell all manner of goods and services via the web, and have yet >to have to prove that I am who I am by anything other than a credit card. > >It begs the question of why a seller of good and services deems this a >requirement - what are they selling that invites fraud, what security >procedures and protocols do them employ to ensure that a transaction is what >it seems? > >You could spin this one around and ask what protocols are in place for phone >orders, for example. > >I agree, though, David - anything can be 'validated' with no effort on the >part of an amateur miscreant. > >iT > > >> On 31 Dec 2014, at 8:12 pm, David Boxall <[email protected]> wrote: >> >> Hi all, >> >> I'm puzzling over the message below. >> Given the ease with which a scan can be falsified, would providing scans >> of documents really validate anything? >> In view of the information on the documents they demand, are they in >> violation of privacy legislation? >> >> And yes, I'm aware that some customers of the site have had problems. >> >> -- >> David Boxall | I have not yet begun to fight! >> | --John Paul Jones >> http://david.boxall.id.au | >> >> >> >> -------- Forwarded Message -------- >> Subject: Please help us to validate your ValueBasket.com.au order (...) >> Date: Wed, 31 Dec 2014 04:03:58 +0000 >> From: [email protected] >> To: ... >> >> >> >> ValueBasket.com.au 332140-663033 >> >> Dear David, >> >> Thank you for placing an order with ValueBasket.com.au >> >> ... >> >> With regards to your purchase made on 30/12/2014 , I am sorry to inform >> you that your order is temporarily on hold. To protect our customers >> from potentially fraudulent online activities, it is our policy to put >> all orders through a rigorous screening process, and on occasion some >> are held for further manual verification. >> >> This verification process requires you to provide us with some documents >> that serve as proof of your address and identity. This is a fairly >> standard industry procedure ? for your information I have provided some >> examples of other websites which adopt a similar process at the bottom >> of this email. >> >> In order to allow us to continue processing your order, could you please >> provide us with the following documentation: >> >> * Billing Address proof (Your most current utility bill for your >> electricity, water, etc) >> * Photo ID such as driving license, passport, etc. >> >> >> >> >> While I understand that you might be reluctant to reveal your personal >> information, here at ValueBasket.com.au, we take the security and >> privacy of our customers very seriously. Therefore, I hope you >> understand that by asking for these documents, we are doing our best to >> protect both your interests and ours. >> >> Your immediate assistance will be greatly appreciated, as we look >> forward to continue processing your order. >> >> Please attach the documents with your reply to this email, and if you >> have any other concerns, please don?t hesitate to let us know in your reply. >> >> ... >> A variety of online retailers use similar security procedures, including: >> >> * B&H photo: >> http://www.bhphotovideo.com/find/HelpCenter/Verification.jsp >> <http://www.bhphotovideo.com/find/HelpCenter/Verification.jsp> >> * Mvixusa.com: http://mvixusa.com/kb.php?id=61 >> <http://mvixusa.com/kb.php?id=61> >> * Tristatecamera.com: http://www.tristatecamera.com/faq.php >> <http://www.tristatecamera.com/faq.php> >> >> >> >> >> _______________________________________________ >> Link mailing list >> [email protected] >> http://mailman.anu.edu.au/mailman/listinfo/link > > >_______________________________________________ >Link mailing list >[email protected] >http://mailman.anu.edu.au/mailman/listinfo/link -- Roger Clarke http://www.rogerclarke.com/ Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 6916 http://about.me/roger.clarke mailto:[email protected] http://www.xamax.com.au/ Visiting Professor in the Faculty of Law University of N.S.W. Visiting Professor in Computer Science Australian National University _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
