© SmartCard Networking Forum News Round up A flippant personal view Mick Davies SCNF Core Group member

© SmartCard Networking Forum

News Round upA flippant personal view

Mick Davies

SCNF Core Group member


Firstly, a follow-on to my last rant about

how much we should trust HMG to look after our data.Doctor training 'security lapse'

The Department of Health has apologised for an apparent security lapse which allowed the personal details of

junior doctors to be accessed online: •phone numbers, •addresses, •previous convictions and •sexual orientation, etc

and available all day after some kind of error.

You had to know where to look or just stumble across it

but it was freely available.


Feel reassured!?There is some security in being part of the noise created

through a morass of information•Clearly, particular details are hard to find by accident.•But it is easy to gather any old details and then focus on them •Still, the DoH is taking it very seriously and will be taking steps to make sure that it never happens again.

That’s all right then.I’m so relieved that my personal data will never

accidentally see the light of day as the NHS and its partners send it whirling around from place to place.

Still doesn’t quite do the trick for me.


But its not just governmentI’m looking to move house at the moment and the Estate Agent I am using sent me a vendor sign-in key to be able to view offers, feedback, etc and to be able to amend my personal details.

Unfortunately, they sent me the wrong key – so I got a good look at someone else’s data and update it if I fancied. I bet they wouldn’t be able to tell who did it either!

Most importantly, they didn’t seem to understand the significance of their mistake.


So, who can we trust?I had a colleague once who made a point of misspelling his name or job title on every non-official application form he filled in so that he could track how good they were about keeping his data private and secure. That was a good few years ago, but he rapidly came to the conclusion that he could not trust any of them.

I don’t think much has changed and the Pandora principle still applies

The only place we can trust is one for which we (alone) have the key and even then, once our stuff gets out of

the box, there’s no chance of getting it back.


Secondly, what’s in a name?(or address or number)

Our names are pretty standard, aren’t they? - and all based on BS8766?

Well, not quite – there is also: •The Government data standard (GDS), •Election Markup language (EML), •and many more

Clearly decisions required here then.


So what about addresses? You’ve heard a lot about this today already

BS7666PAFPost codesUPRNLLPG/NLPGUPRNetc

There are lots of options but almost everything points towards using BS7666.

If that is what we are going to do – lets confirm and then conform.


So who has got our number?Citizen number, Nino, Driving licence number, Passport number, Debit card number(s), Credit card number(s),APACS number, IIN, Library membership number, Leisure membership No.,Payment card number, student no., and so on

There is some strength in being different people to different organisations but it does get difficult to

remember who the hell you are!


So what about the numbers game?Remember “The Prisoner” when the main character went around mistakenly claiming that he was not a number?Patrick McGoohan wrote a few episodes and used a couple of nom de plumes himself (one of them predictably based on his Mother’s maiden name).He was known as Number 6 but at least that was fairly straightforward. I guess it was fairly easy to crack too!

With all this swirling around we are pleased to announce the new improved Concessionary travel number……!


DfT or what? If you are sick of numbers, you’ll be pleased to hear that the DfT is trying to prescribe another unique reference number

It’s a catchy little number made up of the 5 digit CPICC, along with an 8 digit pass holder no (PHN).

The CPICC will be issued by the DfT but at least they will let us make our own PHN!

It is as though nothing has gone before – as though no-one has already issued cards with numbers on!


Spoilt for choice?

I’ve given you taste of some of the variants.

It is not all gloom and doom though – Contrary to experience I still believe that there is strength in numbers

LASSeO and its supporters are working with all and sundry to bring some commonality to our approach to this stuff. Numbering has been an active strand on the SCNF Bulletin Board and between us we have material on naming, numbering, addressing, using Mifare 4k cards, etc that can help to put your card schemes in the same ball park as others.


Hook into LASSeO and the SCNF and help us to make sense of all this

We have some draft guidelines available nowWe are actively working on othersWe need your help to make this stick

We aim to have a good list of list of guidance documents available over the next three months supported by some case studies

Work together, don’t go it alone - wheels were made for moving, not for re-inventing! Maybe a message that other parts of our industry would do well to learn from.

Contact [email protected]

Documents

© SmartCard Networking Forum News Round up A flippant personal view Mick Davies SCNF Core Group member