Skip to main content
Information Security

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

7
  • 26
    Indeed, it is worth pointing out that the UK Data Protection Registrar (now known as the Information Commissioner) issued guidance that using the UK's national insurance number as a unique identifier for any application where it isn't strictly necessary to collect it would be considered a violation of the legally-mandated principle that "[p]ersonal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed." And this was based on the 1984 version of the Data Protection Act. It's much stricter today. Commented Oct 17, 2017 at 6:38
  • 1
    That's a big point, and the reason is that the most dangerous thing for individual freedom is crossing different databases. That's the French Loi informatique et liberté (information and freedom law) concern and that's the rationale behind EU regulation. Commented Oct 17, 2017 at 9:06
  • 2
    @Jules I feel a newfound warmth towards to Information Commissioner! Commented Oct 19, 2017 at 13:55
  • 2
    1984. The people who decided to amend that Act really liked their irony. Commented Oct 23, 2017 at 1:54
  • @Jules that's preventing the site from collecting it, but it's not preventing the user from offering it. It becomes 'relevant' when you offer it as your user id. Commented Oct 23, 2017 at 17:57