Comments on: The only limit to identity theft is the thieves themselves http://www.samsworldofno.com/2007/12/19/the-only-limit-to-identity-theft-is-the-thieves-themselves/ Bringing negativity to the digital world Mon, 11 Jan 2010 16:53:31 -0500 http://wordpress.org/?v=2.8.4 hourly 1 By: JC http://www.samsworldofno.com/2007/12/19/the-only-limit-to-identity-theft-is-the-thieves-themselves/comment-page-1/#comment-79 JC Wed, 19 Dec 2007 12:24:02 +0000 http://www.samsworldofno.com/2007/12/19/the-only-limit-to-identity-theft-is-the-thieves-themselves/#comment-79 This is very true. And what about all the sites which ask for some personal information as a means of identifying us if we forget our login password? Think of all the websites you ordered from online, then can you remember which asked for some other information? I bet you can't. I also bet you gave a bit more personal information to a load of them. I recently was forced through some new hoops on a website I have an account for. They said they were 'tightening' their security and needed me to fill in some more information. The page had three questions to be completed, you could select only from their predefined (and short) list. You couldn't skip any, and you had to enter at least six characters. Choices were: * Mother's maiden name * Place of birth * First Car * First pet's name ..and this was a login for a content site. Now, my understanding of the data protection laws says that you are only allowed to store/process personal information if it is relevant to the service you are providing. How is this relevant? I called them, and was basically told that there was nothing they could do about it. I told them that 'Mini' was only four characters long, they said use a different question. I emailed their privacy contact and got a response which indicated they thought there was nothing wrong with the information they were collecting. And the company? Gallup. This is very true. And what about all the sites which ask for some personal information as a means of identifying us if we forget our login password? Think of all the websites you ordered from online, then can you remember which asked for some other information? I bet you can’t. I also bet you gave a bit more personal information to a load of them.

I recently was forced through some new hoops on a website I have an account for. They said they were ‘tightening’ their security and needed me to fill in some more information. The page had three questions to be completed, you could select only from their predefined (and short) list. You couldn’t skip any, and you had to enter at least six characters. Choices were:

* Mother’s maiden name
* Place of birth
* First Car
* First pet’s name

..and this was a login for a content site. Now, my understanding of the data protection laws says that you are only allowed to store/process personal information if it is relevant to the service you are providing. How is this relevant?

I called them, and was basically told that there was nothing they could do about it. I told them that ‘Mini’ was only four characters long, they said use a different question.

I emailed their privacy contact and got a response which indicated they thought there was nothing wrong with the information they were collecting.

And the company? Gallup.

]]>