Giving the one-way
hash to the agency along with my name and the data to add to the credit history
would enable them to perform the same operation to find my account and update
my record. Again, there is no loss of functionality from not storing my SSN.
Finally, after the original request for my credit history information, the organization
should delete that value—not just to protect me individually, but to limit
the liability that the organization is under by simply storing the information.
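
The lookup described above, sketched as an added example that is not from the original text. Assumptions: HMAC-SHA256 with a key shared by the organization and the agency stands in for the "one-way hash" (an unkeyed hash over the nine-digit SSN space can be enumerated), and the `Agency` class, the names and the sample SSN are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption): shared by organization and agency so the
# small SSN space cannot be enumerated the way a plain hash could be.
LOOKUP_KEY = b"constructed-demo-key"


def ssn_token(ssn: str, key: bytes = LOOKUP_KEY) -> str:
    """Derive a one-way lookup token from an SSN, ignoring dashes and spaces."""
    digits = "".join(ch for ch in ssn if ch.isdigit())
    if len(digits) != 9:
        raise ValueError("SSN must contain exactly 9 digits")
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()


class Agency:
    """Hypothetical credit agency that indexes accounts by token, never by SSN."""

    def __init__(self):
        self._accounts = {}  # token -> {"name": str, "history": [str]}

    def enroll(self, token, name):
        self._accounts[token] = {"name": name, "history": []}

    def _find(self, token, name):
        # Token and name must both match, mirroring "hash along with my name".
        for stored, account in self._accounts.items():
            if hmac.compare_digest(stored, token) and account["name"] == name:
                return account
        return None

    def history(self, token, name):
        account = self._find(token, name)
        return None if account is None else list(account["history"])

    def add_entry(self, token, name, entry):
        account = self._find(token, name)
        if account is None:
            return False
        account["history"].append(entry)
        return True


def lender_workflow(agency, ssn, name, entry):
    """Organization side: hash once, then work only with the token."""
    token = ssn_token(ssn)  # the raw SSN is not written anywhere after this line
    before = agency.history(token, name)
    updated = agency.add_entry(token, name, entry)
    return token, before, updated  # only the token is retained for later updates
```
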
Given the danger in sharing this very valuable piece of data, what is my defense?
Every time I encounter an organization asking for my SSN, I leave it out. If they
persist, I could give them an arbitrary value that is not my SSN—which might
work well enough if I’m not granting them access to check my credit. If I am, I
have little choice.
Even if I am as careful as I can be, however, the solution clearly lies in organizations
not storing my SSN and moving to a claims-based system for accessing my
credit data.
The 24-hour-a-day nature of the Internet already encourages
service providers to maintain exceptionally high availability.
Identity providers are held to the highest standard when it
comes to this; the failure to authenticate due to an offline IP
could potentially prohibit millions of users from accessing sites
and services that depend on them.