Do CRAs have access to NINo.s, passport no.s and drivers licence numbers?

VictimOfImpersonation · 3 January 2014 at 4:05PM

Well do they? Notice I said "access" to. There is actually no difference in data science terms between "access" to data and "possession" of it except that access is more likely to be successfully hidden and denied if no one is keeping tabs.

MrSilk · 3 January 2014 at 4:10PM

No, they don't.

Only the information you see when checking your reports.

DevCoder · 3 January 2014 at 4:12PM

VictimOfImpersonation wrote: »

Well do they? Notice I said "access" to. There is actually no difference in data science terms between "access" to data and "possession" of it except that access is more likely to be successfully hidden and denied if no one is keeping tabs.

Of course there is a difference in computing terms between havng physical access to data and logical access to data.

VictimOfImpersonation · 3 January 2014 at 4:15PM

krisdorey wrote: »

Of course there is a difference in computing terms between havng physical access to data and logical access to data.

All the data CRAs process is processed electronically back and forth - even via thin air they tell me! Are you splitting hairs, krisdorey ?

Well it occurs to me that many banks and insurers hold my NINo, and airlines hold my passport no. and well, drivers licence details are sometimes requested too I think - yes many banks have manually input them into their branch systems in the past.

No-one has mentioned Chinese Walls yet but as Mr Silk is here, I am impatient enough to do so at this early juncture. Where are they?

DevCoder · 3 January 2014 at 4:21PM

no, Im just pointing out that data can be held in posession (physically) but might not be able to be accessed (logically).

Take a FDE drive or sql database for example, you might well have posession of the drive or database but without the encryption key, you cant access the data.

You could even trasnmit across a SSL for which a party it routes through does not have the certificate, yes they are (briefly) in posession of the data but they cant access it.

VictimOfImpersonation · 3 January 2014 at 4:25PM

Are you trying to confuse krisdorey?

Data access between here and the moon was possible in 1968. All it takes is someone with a key to the door and for the remote computer holding the data to be switched on. And because all these data items I have asked about are held on multiple corporately owned as well as government computers, all that means is that an agreement might be made to provide the key to 'key partners' perhaps ?

DevCoder · 3 January 2014 at 4:34PM

I was pointing out your statement that in data science possession and access are the same thing is incorrect.

The "key partners" may well have possession in the data in that they have physical access to the server and They "might have an agreement" to logically access that data, however they may not. The two are not the same.

VictimOfImpersonation · 3 January 2014 at 4:46PM

Well I was hoping to keep this thread clear for lay-people to understand.

You are blowing smoke over it whether you mean to or not.

If I am the boss and sitting on the other side of the world with my data on a corporate network connected to the internet and I say kris I'll give your company online access to the data, who would know other than you, me and NSA?

DevCoder · 3 January 2014 at 5:02PM

You cant keep a thread clear for the lay person to understand when what you state is incorrect.

That aside on your second point then only people who are in the transit route of the data would know (Logical access)

Or a thief who broke in and stole a pc, or an employee who divulged data (Physical access).

I don't see the point you are trying to make, certain bits of personal information are protected and are not allowed to be transmitted to third parties unless they have a need to have access. And the more personal the information the higher the verification would be to prove access is required.

Of course, you can dream up any amount of conspiracy theories.

VictimOfImpersonation · 3 January 2014 at 5:13PM

krisdorey wrote: »

You cant keep a thread clear for the lay person to understand when what you state is incorrect.

That aside on your second point then only people who are in the transit route of the data would know (Logical access)

I am fighting to extract the reasonableness in your responses.

I realise that I may inadvertently have set you off on the wrong track when I said:

...access is more likely to be successfully hidden and denied if no one is keeping tabs

I wasn't referring to protection of data from third party interception. I meant that two companies colluding to share data could grant access by secret agreement and successfully keep the fact hidden unless someone was actively policing their operations.

My bad I think.

Are we on the same track now?

DevCoder · 3 January 2014 at 5:24PM

Yes they could, so whats your point?

In fact the very measures Ive mentioned in my above posts could re-enforce that process. i.e. how can you be audited or policed if all data is kept on FDE drives and you refuse to hand over the encryption keys and all transmitted data is sent via SSL.

In the above scenario you could keep any detection of any wrong doing secret for as long as you wanted.

I still don't see what you are getting at in relation to this and what cRA's have access to. Why would a CRA have access to a NIN , passport number or any other bit of information which is irrelevant to credit scoring.

The CRA's only process the information the banks send them, in some ways it would be better if the bank sent a NIN or passport number with the data its sending so as to ensure data is not mis-allocated.

Do CRAs have access to NINo.s, passport no.s and drivers licence numbers?

Comments

Confirm your email address to Create Threads and Reply

🚀 Getting Started

Categories

Is this how you want to be seen?

Get our FREE Weekly email full of deals & guides - and it’s spam-free