LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Condense Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Sender:	Records Management Program <[log in to unmask]>
Date:	Tue, 6 Dec 2005 13:15:38 -0800
Content-Disposition:	inline
Reply-To:	Records Management Program <[log in to unmask]>
Subject:	Re: 2 Miscellaneous Issues
MIME-Version:	1.0
Content-Transfer-Encoding:	quoted-printable
In-Reply-To:	<[log in to unmask]>
Content-Type:	text/plain; charset=ISO-8859-1
From:	Larry Medina <[log in to unmask]>
Parts/Attachments:	text/plain (55 lines)

On 12/6/05, Jones, Virginia <[log in to unmask]> wrote:
>
> <You likely have a name, an account number and a dollar amount showing
> on this card.>
>
> Nothing anyone can do with a utility account number if other safeguards
> are in place for releasing info over the phone (i.e. requiring other
> pieces of information about the account from the caller).

This is what I was basing my comment on.

www.p3pwriter.com/LRN_000.asp

Personally Identifiable Information (PII) - refers to any information that
identifies or can be used to identify, contact, or locate the person to whom
such information pertains. This includes information that is used in a way
that is personally identifiable, including linking it with identifiable
information from other sources, or from which other personally identifiable
information can easily be derived, including, but not limited to, name,
address, phone number, fax number, email address, financial profiles, social
security number, and credit card information. To the extent unique
information (which by itself is not Personally Identifiable Information)
such as a personal profile, unique identifier, biometric information, and IP
address is associated with Personally Identifiable Information, then such
unique information will also be considered Personally Identifiable
Information. Personally Identifiable Information does not include
information that is collected anonymously (i.e., without identification of
the individual user) or demographic information not connected to an
identified individual. In terms of P3P attributes, personally identifiable
information is 1) physical contact or location information, 2) online
contact or location information, 3) government issued identifier, or 4)
information about an individuals finances.

I would see the account number qualifying as a "unique identifier", the
address being "physical contact or location" and the amount owed being
"information about an individuals finances"

I'm not saying this utility cited is in violation of a law, but it certainly
should consider revisiting it's business practices.  Granted, they're saving
some money in printing a postcard rather than a letter and envelope and
saving postage for a postcard rather than a sealed letter, but they're
exposing information about their customers that might be better left
private.

Larry
--
Larry Medina
Danville, CA
RIM Professional since 1972

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance

ATOM RSS1 RSS2

LISTSERV.IGGURU.US