On Fri, 10 Oct 2003 16:43, Zane Gilmore wrote:
> The point I was making was that an organisation is not allowed to use
> somebody's IRD number to uniquely identify them unless they are the IRD
>
> Here at the university we are not allowed to ask people for their IRD
> number to get access to their record.
>
> The power company would not be allowed to use my University student ID
> number to find someone in their records.
> etc etc
>
> My understanding though is that in the US anybody can use the social
> security number of a person as the identifier of that person in any
> database system.
> *That* is what makes identity theft possible.

(+5 Insightful)

Thanks for clarifying that, Zane. While I knew that using an SSN as universal ID is stupid, I did not know that NZ makes such a stupid practice illegal. I'm glad it does!

What makes it so stupid is that SSNs of US citizens are so easy to get hold of.

All call centres I've worked in use name & D.O.B. to verify that the caller is who they say they are, which is insecure, but they also give the option of having a password. The other annoying but probably good thing is that we're not allowed to give info to a spouse unless the spouse is listed on the customer's file as an authorised party. This annoys customers but it has prevented malicious ex-partners from causing mischief on more than one occasion. (I remember at a power company I worked for, a caller tried to get his ex-partner's power disconnected but I somehow guessed it was dodgy and rang the lady to confirm. I then offered to put a password on her account.)

I certainly don't keep any info like that on my home PCs, even with Linux. What if that OpenSSH hole recently hadn't been patched?

Yuri

--
This PC runs Linux. If you find a virus apparently from me, it has forged the e-mail headers on someone else's machine. Please do not notify me when this occurs. Thanks.
