by Peggy Barnett

Created on: February 05, 2008

A secure site recently required online users to answer a series of questions, in order to authenticate identity. The questions were not based on data which the users had provided to the site, but, rather, on data which had been freely obtained from databases elsewhere. The databases represented included those which housed the data of insurance and utility companies, as well as possibly the Department of Motor Vehicle Records. Respondents were asked to authenticate the correct residence at which they had lived in the past, from a list of addresses, and/or the year, make and model of an automobile which they had once owned, from a list of automobiles. Like a quiz, the questions continued, with different responses necessary, until identity was established. If such information, which had privately been provided offline by the respondents in the course of doing business, was accessible due to the fact that it was kept in computer atabase somewhere, is it possible to keep personal information off of the Internet?

Biometrics, such as fingerprint readers, are gaining acceptance for use by employers to clock employees in and out, and to allow access to locked facilities, including computers and computer networks. Biometrics are also used for airport screening and for automatic purchases in some stores and restaurants. Since personal information, such as fingerprints, thumbprints and palm prints will be kept in databases with varying degrees of security, if other information kept in databases is accessible by certain corporate entities, then this highly personal data could also someday return, from the past, online.

New legislation needs to be passed to secure personal information requested by sites, which is requested, for various reasons, in order to authenticate the users of their sites. Although the sites may need to know certain inforamtion, such as the age of the user, they do not need to transmit any segment of this data openly before all, which would help protect the privacy ofthose online. Sites concerned about whether a user is an adult or minor, for example, could stipulate categories of ages for which that user is a member, rather than listing a chronological age. This might also reduce the incidence of identity theft, since the fewer absolute details about an individual available online would protect personal data.

Until legislation is passed that protects a user's personl information, the safest approach is to use the same comon sense that would be used offline. After all, most users would not wear a teeshirt, emblazoned with their personal data listed on it, for all the world to see.

Learn more about this author, Peggy Barnett.
Click here to send this author comments or questions.