[ga-abuse] Re: [Admin] Challenge of identity
Harald, Harald Tveit Alvestrand wrote: ANo is not what was said here at all. What was said and was qualified was "that without specific written permission we, nor I am unable to provide this sort of information in the form's you indicate above under penalty of law." I highlighted for purposes of the emphasizing the qualifiers (An attention to detail sort of thing) the qualifiers to what you suggested as the means. Yes Joe Baptista ask you clearly several times Harald. see:http://www.dnso.org/clubpublic/ga/Arc03/msg00948.html and, http://www.dnso.org/clubpublic/ga/Arc03/msg00996.html and, http://www.dnso.org/clubpublic/ga/Arc03/msg01005.html and, http://www.dnso.org/clubpublic/ga/Arc03/msg01064.html I usually use my debit card or credit card for moving money or wire transfer it if it is a large amount. I only have provided this level or information to a Physical person in the flesh once or twice in order to do the transfer. After the first time I handle transfers of larg sums of money with a phone call. For voting in Texas anyway I only need to register once every 6 years I believe. I did that two years ago. After than I can vote via the Internet here in Texas for state and local elections or go to a voting place and do so without showing any ID of any kind, just sign the certification and match my namd with the registration rolls. But this situation is NOT voting in a public government election, nor am I, Bob or James buying anything or transferring money. I don't find it particularly interesting either. But that is not really relevant is it? They are valid keys and Bob is in possession of his and they are good for commerce use. I don't usually use PGP for that financial purposes, but I have at times. I know Bob has quite a few times. Still valid as far as the major financial institutions are concerned. That should be more than sufficient. Besides you had ask for them once before, and even chided me for being reluctant to provide them. Now that Bob has and James has his Cert, you are negating it. This seems rather like a catch 22 situation the further you extend this situation Harald. No, it is not my personal number. My personal number is not listed and VERY private, or not for public consumption. >;) This is our official business line with quite a few extensions. James and Bob have special ones.
Well you haven't called, you haven't shown that the information both Bob and James have provided is not valid. So why not? However you do still have the option of calling our security office at the business line provided, and has been for quite some time. Your option. It is an independent security organization that does these verifications for our members, INEG's crop customers from time to time should they request it, and for government agencies on a very rare occasion. They find it very good and quite satisfactory. DOJ and the FBI both use the same service for some offices I understand. You also have not filed the FOIA's yet have you? That is
yet another source
The other methods you suggest are illegal, and we do not have
any
Regards, --
Inegroup Fair Information Practice Principles (Privacy statement) Purpose The Software & Information Industry Association has adopted the following principles to give guidance to its member companies and the for the collection, use and dissemination of individually identifiable information. The principles are designed to apply to all organizations whether they obtain individually identifiable information directly from customers/consumers or from other sources. The principles are independent of any specific technology or market configuration. Because of the vast diversity of companies within the software and information industry, it is the responsibility of individual organizations and market sectors -- within the parameters of these principles -- to develop guidelines that are more precisely tailored to their businesses or industry sectors. Software and information companies create numerous products and services which either include individually identifiable information or are based on such information. Benefits are delivered to society through those products and services. In addition, these companies use individually identifiable information to provide valuable tailored products and services. The principles, therefore, balance consumer concerns regarding the collection, use and dissemination of information about them with the multitude of societal and economic benefits inherent in the free flow of such information. For purposes of this document, individually identifiable information is defined as any information which can be used to identify a specific individual in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural status or social affiliations. Aggregate information from which an individual cannot be readily identified is not individually identifiable information. We define these identifiers in terms of uses of software technology if they are complient with TurstE(tm) or EndTrust(tm). Other forms or software technology for purposes or identification such as PGP and S/Mime Certificates on a level one status are valid means of adaquate identification for individuals E-Mail addresses and other forms of electronic identifiers used in on the Internet. Scope The principles were designed to apply to individually identifiable information as used in or with software and information products and services. The principles apply to the collection, use and dissemination of individually identifiable information that is not regulated by law; and they should provide additional guidance for such activities that are regulated by law. The principles were not designed to apply to information about an individual included in an internal business record used in the normal course of business; linked to an individual serving in a business capacity; or obtained through newsgathering. INEGroup Principles Value It is information -- including individually identifiable information -- that makes our securities, publishing, credit, risk management, real estate, entertainment, online, electronic commerce and other markets so prosperous. The information industry, in turn, creates products and services which provide a wealth of benefits to individual and business customers such as customized products and services, instant credit, accurate employment screening aids and tools for detecting fraud. Software, online and electronic commerce companies use information to provide a wealth of tailored products and services to consumers and business markets. It is important to balance these beneficial uses with consumer concerns regarding the collection and use of individually identifiable information. Therefore, organizations in these markets shall collect and use individually identifiable information in a manner that benefits individuals, commerce and the society. The free flow of individually identifiable information is essential to democratic societies and market-based economies and has been the engine for employment, economic vitality and the high quality of life in the United States. Because of the philosophy of open access, industry has developed products and services that allow our service-based economy to work efficiently and effectively and individuals to enjoy the attendant benefits. INEGroup Policy Disclosure Disclosing policies or explaining practices regarding the collection, use and dissemination of individually identifiable information will lead to greater understanding of the benefits associated with the responsible use of this information. Organizations shall provide information about their uses of individually identifiable information or their policies through whatever media are appropriate. Organization policies and information about the collection, use and dissemination practices shall: Be easy to understand. Describe generally the sources, uses and types of individually identifiable information being collected. Examples of sources might include collection directly from individuals, from public records, or from affiliates or unaffiliated third parties. Examples of uses may include completion of a transaction, marketing, improvement of products and services, transfers to third parties, employment screening, or law enforcement. Examples of the types of individually identifiable information disseminated could range from name and address, to property holdings, to financial information. Describe whether individually identifiable information will be disseminated to affiliates or unaffiliated third parties. Specifically, unaffiliated third parties or unknown or identified organizations, individuals or their agents/representitives may should be able to easily as is possible obtain independant and verifyed information based on the TrustE model (See above). any and all information regarding INEGroup members, officers and affiliates must be considered a viable and reasonable request. These requests should be accomidated withing these guidelines. All such information cannot go beyond these bounds unless or until the permission of the individual or affiliate organizations expressed written and transmitted approval through secure encrypted or "Digitally singed" means. Should an unaffiliated request information to be transmitted in an unsecure mannor or method said said request is not likely to be in the best interest of the individual or affiliated organization and should be delt with as an untrusted third party and delt with in a legal manner, to be reported to the approporate legal authority via the most expediant secure electronic means possible. Address issues of choice; dissemination of individually identifiable information; information quality; information security; and access and correction procedures (as described in more detail below). Describe generally an organization's system of accountability for fair information practices. Many companies currently have in place fair information practices which safeguard individually identifiable information. This principle emphasizes the need for companies not only to adopt fair information practices but also to identify and disclose policies reflecting such practices or to explain those practices. Choice Many organizations offer individuals choice with regard to the collection, use and dissemination of individually identifiable information. Information companies should, when appropriate, offer choices to individuals to limit uses of individually identifiable information. If it is inappropriate to offer individuals the ability to limit uses or collection, organizations should inform individuals in a timely manner that it is inappropriate and explain why it is inappropriate. For purposes of online activities, individuals must be given the opportunity to exercise choice regarding how individually identifiable information collected from them may be used when such use is unrelated to the purpose for which the information was collected. At a minimum, individuals should be given the opportunity to opt out of such use or collection. Additionally, in the vast majority of circumstances where there is third party distribution of individually identifiable information, collected online from the individual and unrelated to the purpose for which it was collected, the individual should be given the opportunity to opt out without fear or condition of impunity. There is a long tradition of allowing consumers to limit the use of individually identifiable information for marketing purposes. There may be other circumstances where it is appropriate to allow individuals to limit the use and dissemination of individually identifiable information including when the information contains certain types of personal financial or medical history information and most information about children. On the other hand, there may be circumstances where it is inappropriate to allow individuals to limit the dissemination and use of individually identifiable information such as when the information was originally obtained from public records; the information is being used for billing purposes; the information is being used in the investigation of a crime, or the information's use is regulated by law. Dissemination of Individually Identifiable Information An organization's use and dissemination of individually identifiable information shall be consistent with any known policy disclosures and choices regarding use and dissemination. Therefore, organizations shall take reasonable steps to ensure that: 1.Their own uses of individually identifiable information are not incompatible with any known policy disclosures and choices regarding those uses. 2.Individually identifiable information is disseminated only to affiliates or to unaffiliated third parties whose subsequent uses or collection of the information are not incompatible with any known policy disclosures and choices and that have fair information practices or policies in place. 3.To ensure that individually identifiable information is disseminated only in a manner consistent with disclosures given to individuals, entities which are supplying information and entities which are obtaining it should discuss whether disclosures have been given or will be given. Supplying entities should take reasonable measures to make known any disclosures, while entities obtaining information should make reasonable inquiry as to whether disclosures have been made. These disclosures must meet a minimum standard that TurstE requires and be TrustE certified. Quality Providing accurate and up-to-date individually identifiable information is one of the factors which makes the information industry valuable to its customers and society as a whole. Organizations shall, therefore, take reasonable steps to attain a high level of information quality, consistent with industry practice and customer need. Information quality means that individually identifiable information should be accurate, complete, and current. The required level of information quality depends upon the purpose for which the information will be used. For example, the quality of the information needed for a mailing list used strictly for marketing purposes may be different than the quality of the information needed for a mailing list used to deliver monthly bank statements or safety recall notices or a mailing list used for voting, discussion and debate on topic related issues. Security Information security is a key feature of responsible collection, use and dissemination of individually identifiable information. Organizations shall, therefore, take reasonable and appropriate measures to secure information they collect and use or collect (See TrustE). If the individually identifiable information is disseminated, the disseminating organization should take reasonable steps with respect to affiliates and individualsor the unaffiliated third parties who are receiving the information to protect against security risks. Examples of security risks associated with individually identifiable information include, but are not limited to: unauthorized access, use, modification, disclosure, destruction or loss. Steps to protect against security risks could include contractual protections, technological protections, as well as education and training of employees regarding access and dissemination limitations. Access & Correction Because of the vast diversity of organizations in the information industry, the processes for accessing and correcting individually identifiable information will differ from organization to organization. In particular, there may be differences in the processes employed by organizations that collect information directly from individuals and those that collect information from other sources. A. Individually Identifiable Information Collected Directly from Individuals: Organizations shall respond to individuals' inquiries as to whether an organization maintains individually identifiable information about them. Organizations will develop reasonable procedures which allow individuals to understand the nature and substance of individually identifiable information maintained about them and, if appropriate, allow individuals to review such information. Organizations, if appropriate, will correct or delete individually identifiable information claimed to be inaccurate if this can be legally shown by the collecting organization, or incomplete. Organizations will, in a timely manner, provide an explanation and describe why they cannot either satisfy an inquiry or why they find it inappropriate to change or delete individually identifiable information which individuals have claimed to be inaccurate or incomplete.he organization. This organization must show clearly legally, and without delay (10 days), that the said claim of inaccurate information that the individual requested to be deleated be deleated within this time frame. B. Individually Identifiable Information Collected from Sources Other than Individuals: Organizations shall respond to individuals' inquiries as to whether an organization maintains individually identifiable information about them or provides access through other means. Organizations shall inform individuals, upon request, about the sources or types of sources from which individually identifiable information is obtained. Organizations must answer directly and without equivication, any and all queries or questions to the individual regarding the information directly, providing any specific documentation through secure electronic means the Individual requests and/or requires. Organizations shall explain access and correction policies when individuals have made requests to access or correct individually identifiable information; or, if more appropriate, organizations shall identify the source of the information so that individuals can seek to have the inaccurate or incomplete information corrected or deleted. Such a deleation request must be met within the 10 days requirnment irrespective of the time frame the individual requested. Confermation must be sent through electronic means if and when possible or requested by the individual. Individuals desire the opportunity to know if information about them resides within organizations' databases. If information about them is maintained, individuals would often like the opportunity to view or to have access to such information. The access and correction principle (encompassed in A&B above) Inegroup members require requesting organizations to have appropriate policies to address inquiries from individuals regarding individually identifiable information which they maintain or provide access through other means. Accountability. Information companies must have implemented the principles articulated and should establish a system of accountability for such implementation. Information organizations that disseminate individually identifiable information to affiliates or unaffiliated third parties must have implemented mechanisms to verify and remedy abuses associated with the information they provide, including refusal to transfer information to third parties when demonstrated abuses have been shown.
|