0

Company A pays company B for enterprise software. Company A hosts it internally. An employee from company B needs access to servers at company A in order to manage said software

Company A is requesting very personal information of the employees needing remote access. e.g.

  • Full Name
  • Cell Phone
  • Gender
  • Date of Birth
  • Citizenship
  • Passport Number
  • Passport Issuer

Can these pieces of information be used alone, or together in a way that would increase the info security risk to the employee in any way?

To me, this is a case of requesting/requiring too much information - that is - beyond what is actually necessary to fulfill the request.

I understand the need for cell number - as they use two-factor authentication where they send a code each time one needs to access the VPN. The rest seems well beyond what is needed.

GWR
  • 1,203
  • 2
  • 9
  • 11
  • Every one of those pieces alone could be a risk to an employee. Are you specifically asking about the passport (as per your title)? – schroeder Oct 16 '20 at 16:10
  • There will be data protection policies and regulations that both Company A and Company B will be subject to. You would need to work with the policies and data protection/information governance/legal to get some clarity. – schroeder Oct 16 '20 at 16:12
  • It seems like you are trying to drum up support for your position that this is overreaching. This isn't the place for that. There are company policies, data protection regulations, and HR realities that apply. As for *what you've asked*, this data can clearly be used in identity theft, even without the password info. What are you wanting to know beyond that? – schroeder Oct 16 '20 at 16:43

0 Answers0