[ga-abuse] Re: [Admin] Challenge of identity
Harald, Harald Tveit Alvestrand wrote: ANo is not what was said here at all. What was said and was qualified was "that without specific written permission we, nor I am unable to provide this sort of information in the form's you indicate above under penalty of law." I highlighted for purposes of the emphasizing the qualifiers (An attention to detail sort of thing) the qualifiers to what you suggested as the means. Yes Joe Baptista ask you clearly several times Harald. see:http://www.dnso.org/clubpublic/ga/Arc03/msg00948.html and, http://www.dnso.org/clubpublic/ga/Arc03/msg00996.html and, http://www.dnso.org/clubpublic/ga/Arc03/msg01005.html and, http://www.dnso.org/clubpublic/ga/Arc03/msg01064.html I usually use my debit card or credit card for moving money or wire transfer it if it is a large amount. I only have provided this level or information to a Physical person in the flesh once or twice in order to do the transfer. After the first time I handle transfers of larg sums of money with a phone call. For voting in Texas anyway I only need to register once every 6 years I believe. I did that two years ago. After than I can vote via the Internet here in Texas for state and local elections or go to a voting place and do so without showing any ID of any kind, just sign the certification and match my namd with the registration rolls. But this situation is NOT voting in a public government election, nor am I, Bob or James buying anything or transferring money. I don't find it particularly interesting either. But that is not really relevant is it? They are valid keys and Bob is in possession of his and they are good for commerce use. I don't usually use PGP for that financial purposes, but I have at times. I know Bob has quite a few times. Still valid as far as the major financial institutions are concerned. That should be more than sufficient. Besides you had ask for them once before, and even chided me for being reluctant to provide them. Now that Bob has and James has his Cert, you are negating it. This seems rather like a catch 22 situation the further you extend this situation Harald. No, it is not my personal number. My personal number is not listed and VERY private, or not for public consumption. >;) This is our official business line with quite a few extensions. James and Bob have special ones.
Well you haven't called, you haven't shown that the information both Bob and James have provided is not valid. So why not? However you do still have the option of calling our security office at the business line provided, and has been for quite some time. Your option. It is an independent security organization that does these verifications for our members, INEG's crop customers from time to time should they request it, and for government agencies on a very rare occasion. They find it very good and quite satisfactory. DOJ and the FBI both use the same service for some offices I understand. You also have not filed the FOIA's yet have you? That is
yet another source
The other methods you suggest are illegal, and we do not have
any
Regards, --
Inegroup Fair Information
Practice Principles (Privacy statement)
Purpose
The Software & Information Industry Association has
adopted the following principles to give guidance to its
member companies and the for the collection, use and
dissemination of individually identifiable information.
The principles are designed to apply to all organizations whether they obtain
individually identifiable information directly from customers/consumers or from
other sources. The principles are independent of any specific technology or
market configuration. Because of the vast diversity of companies within the
software and information industry, it is the responsibility of individual organizations
and market sectors -- within the parameters of these principles -- to develop
guidelines that are more precisely tailored to their businesses or industry sectors.
Software and information companies create numerous products and services
which either include individually identifiable information or are based on such
information. Benefits are delivered to society through those products and
services. In addition, these companies use individually identifiable information to
provide valuable tailored products and services. The principles, therefore, balance
consumer concerns regarding the collection, use and dissemination of information
about them with the multitude of societal and economic benefits inherent in the
free flow of such information.
For purposes of this document, individually identifiable information is defined as
any information which can be used to identify a specific individual in particular by
reference to an identification number or to one or more factors specific to his or
her physical, physiological, mental, economic, cultural status or social affiliations.
Aggregate information from which an individual cannot be readily identified is not
individually identifiable information. We define these identifiers in terms of
uses of software technology if they are complient with TurstE(tm) or
EndTrust(tm). Other forms or software technology for purposes or identification
such as PGP and S/Mime Certificates on a level one status are valid means
of adaquate identification for individuals E-Mail addresses and other forms of
electronic identifiers used in on the Internet.
Scope
The principles were designed to apply to individually identifiable information as
used in or with software and information products and services. The principles
apply to the collection, use and dissemination of individually identifiable
information that is not regulated by law; and they should provide additional
guidance for such activities that are regulated by law. The principles were not
designed to apply to information about an individual included in an internal
business record used in the normal course of business; linked to an individual
serving in a business capacity; or obtained through newsgathering.
INEGroup Principles
Value
It is information -- including individually identifiable information -- that makes our
securities, publishing, credit, risk management, real estate, entertainment, online,
electronic commerce and other markets so prosperous. The information industry,
in turn, creates products and services which provide a wealth of benefits to
individual and business customers such as customized products and services,
instant credit, accurate employment screening aids and tools for detecting fraud.
Software, online and electronic commerce companies use information to provide a
wealth of tailored products and services to consumers and business markets. It is
important to balance these beneficial uses with consumer concerns regarding the
collection and use of individually identifiable information. Therefore, organizations
in these markets shall collect and use individually identifiable information in a
manner that benefits individuals, commerce and the society.
The free flow of individually identifiable information is essential to democratic
societies and market-based economies and has been the engine for employment,
economic vitality and the high quality of life in the United States. Because of the
philosophy of open access, industry has developed products and services that
allow our service-based economy to work efficiently and effectively and
individuals to enjoy the attendant benefits.
INEGroup Policy Disclosure
Disclosing policies or explaining practices regarding the collection, use and
dissemination of individually identifiable information will lead to greater
understanding of the benefits associated with the responsible use of this
information. Organizations shall provide information about their uses of
individually identifiable information or their policies through whatever media are
appropriate.
Organization policies and information about the collection, use and dissemination
practices shall:
Be easy to understand.
Describe generally the sources, uses and types of individually identifiable
information being collected. Examples of sources might include collection
directly from individuals, from public records, or from affiliates or
unaffiliated third parties. Examples of uses may include completion of a
transaction, marketing, improvement of products and services, transfers to
third parties, employment screening, or law enforcement. Examples of the
types of individually identifiable information disseminated could range from
name and address, to property holdings, to financial information.
Describe whether individually identifiable information will be disseminated
to affiliates or unaffiliated third parties. Specifically, unaffiliated
third parties or unknown or identified organizations, individuals or their
agents/representitives may should be able to easily as is possible obtain
independant and verifyed information based on the TrustE model (See above).
any and all information regarding INEGroup members, officers and affiliates
must be considered a viable and reasonable request. These requests should
be accomidated withing these guidelines. All such information cannot go
beyond these bounds unless or until the permission of the individual or
affiliate organizations expressed written and transmitted approval through
secure encrypted or "Digitally singed" means. Should an unaffiliated
request information to be transmitted in an unsecure mannor or method said
said request is not likely to be in the best interest of the individual or
affiliated organization and should be delt with as an untrusted third party
and delt with in a legal manner, to be reported to the approporate legal
authority via the most expediant secure electronic means possible.
Address issues of choice; dissemination of individually identifiable
information; information quality; information security; and access and
correction procedures (as described in more detail below).
Describe generally an organization's system of accountability for fair
information practices.
Many companies currently have in place fair information practices which
safeguard individually identifiable information. This principle emphasizes
the need for companies not only to adopt fair information practices but also
to identify and disclose policies reflecting such practices or to explain those
practices.
Choice
Many organizations offer individuals choice with regard to the collection, use and
dissemination of individually identifiable information. Information companies
should, when appropriate, offer choices to individuals to limit uses of individually
identifiable information. If it is inappropriate to offer individuals the ability to limit
uses or collection, organizations should inform individuals in a timely manner that it is
inappropriate and explain why it is inappropriate.
For purposes of online activities, individuals must be given the opportunity to
exercise choice regarding how individually identifiable information collected from
them may be used when such use is unrelated to the purpose for which the
information was collected. At a minimum, individuals should be given the
opportunity to opt out of such use or collection. Additionally, in the vast majority of
circumstances where there is third party distribution of individually identifiable
information, collected online from the individual and unrelated to the purpose for
which it was collected, the individual should be given the opportunity to opt out
without fear or condition of impunity.
There is a long tradition of allowing consumers to limit the use of individually
identifiable information for marketing purposes. There may be other
circumstances where it is appropriate to allow individuals to limit the use and
dissemination of individually identifiable information including when the
information contains certain types of personal financial or medical history
information and most information about children. On the other hand, there may be
circumstances where it is inappropriate to allow individuals to limit the
dissemination and use of individually identifiable information such as when the
information was originally obtained from public records; the information is being
used for billing purposes; the information is being used in the investigation of a
crime, or the information's use is regulated by law.
Dissemination of Individually Identifiable Information
An organization's use and dissemination of individually identifiable information
shall be consistent with any known policy disclosures and choices regarding use
and dissemination. Therefore, organizations shall take reasonable steps to ensure
that:
1.Their own uses of individually identifiable information are not incompatible
with any known policy disclosures and choices regarding those uses.
2.Individually identifiable information is disseminated only to affiliates or to
unaffiliated third parties whose subsequent uses or collection of the information
are not incompatible with any known policy disclosures and choices and that have
fair information practices or policies in place.
3.To ensure that individually identifiable information is disseminated only in a
manner consistent with disclosures given to individuals, entities which are
supplying information and entities which are obtaining it should discuss
whether disclosures have been given or will be given. Supplying entities
should take reasonable measures to make known any disclosures, while entities
obtaining information should make reasonable inquiry as to whether
disclosures have been made. These disclosures must meet a minimum standard
that TurstE requires and be TrustE certified.
Quality
Providing accurate and up-to-date individually identifiable information is one of the
factors which makes the information industry valuable to its customers and
society as a whole. Organizations shall, therefore, take reasonable steps to attain
a high level of information quality, consistent with industry practice and customer
need.
Information quality means that individually identifiable information should be
accurate, complete, and current. The required level of information quality depends
upon the purpose for which the information will be used. For example, the quality
of the information needed for a mailing list used strictly for marketing purposes
may be different than the quality of the information needed for a mailing list used
to deliver monthly bank statements or safety recall notices or a mailing list
used for voting, discussion and debate on topic related issues.
Security
Information security is a key feature of responsible collection, use and
dissemination of individually identifiable information. Organizations shall,
therefore, take reasonable and appropriate measures to secure information they
collect and use or collect (See TrustE). If the individually identifiable
information is disseminated, the disseminating organization should take
reasonable steps with respect to affiliates and individualsor the unaffiliated
third parties who are receiving the information to protect against security
risks.
Examples of security risks associated with individually identifiable information
include, but are not limited to: unauthorized access, use, modification, disclosure,
destruction or loss. Steps to protect against security risks could include
contractual protections, technological protections, as well as education and
training of employees regarding access and dissemination limitations.
Access & Correction
Because of the vast diversity of organizations in the information industry, the
processes for accessing and correcting individually identifiable information will
differ from organization to organization. In particular, there may be differences in
the processes employed by organizations that collect information directly from
individuals and those that collect information from other sources.
A. Individually Identifiable Information Collected Directly from
Individuals:
Organizations shall respond to individuals' inquiries as to whether an organization
maintains individually identifiable information about them.
Organizations will develop reasonable procedures which allow individuals to
understand the nature and substance of individually identifiable information
maintained about them and, if appropriate, allow individuals to review such
information.
Organizations, if appropriate, will correct or delete individually identifiable
information claimed to be inaccurate if this can be legally shown by the
collecting organization, or incomplete.
Organizations will, in a timely manner, provide an explanation and describe why
they cannot either satisfy an inquiry or why they find it inappropriate to change or
delete individually identifiable information which individuals have claimed to be
inaccurate or incomplete.he organization. This organization must show clearly
legally, and without delay (10 days), that the said claim of inaccurate information
that the individual requested to be deleated be deleated within this time frame.
B. Individually Identifiable Information Collected from Sources Other
than Individuals:
Organizations shall respond to individuals' inquiries as to whether an organization
maintains individually identifiable information about them or provides access
through other means.
Organizations shall inform individuals, upon request, about the sources or types of
sources from which individually identifiable information is obtained.
Organizations must answer directly and without equivication, any and all queries
or questions to the individual regarding the information directly, providing any
specific documentation through secure electronic means the Individual requests
and/or requires.
Organizations shall explain access and correction policies when individuals have
made requests to access or correct individually identifiable information; or, if more
appropriate, organizations shall identify the source of the information so that
individuals can seek to have the inaccurate or incomplete information corrected or
deleted. Such a deleation request must be met within the 10 days requirnment
irrespective of the time frame the individual requested. Confermation must be
sent through electronic means if and when possible or requested by the individual.
Individuals desire the opportunity to know if information about them resides within
organizations' databases. If information about them is maintained, individuals
would often like the opportunity to view or to have access to such information.
The access and correction principle (encompassed in A&B above) Inegroup members
require requesting organizations to have appropriate policies to address inquiries
from individuals regarding individually identifiable information which they
maintain or provide access through other means.
Accountability.
Information companies must have implemented the principles articulated and should
establish a system of accountability for such implementation. Information
organizations that disseminate individually identifiable information to affiliates or
unaffiliated third parties must have implemented mechanisms to verify and remedy
abuses associated with the information they provide, including refusal to transfer
information to third parties when demonstrated abuses have been shown.
|