They were just trying to do their jobs, as much as I was just trying to see a doctor.Too often data security and privacy approaches undermine people, when they should empower them.According to the NHS website, I should not have needed to know my NHS number to register with a new surgery, and my old practice should have told me what my number is.The two receptionists I communicated with were not malicious, they did not want to get in my way or to be interrogated about their data privacy and security policies.I was surprised and a bit irritated, because my passport and utility bills should be sufficient, but it seemed non-negotiable.I was told if I rang my old GP surgery they would provide me with my NHS number 🤷♀️.Bear in mind: what is the worst thing that can happen here?
For the last few months we’ve been working with clients on behavioural and cultural-change training, penetration testing and various consultancy projects.We’ve also relaunched with a brand new look along with some special merch packages. For a home computer user, you can also consider writing your passwords down in a book and storing that book in a safe place.The rest of the conversation went roughly like this: Me: “But how can you verify my identity over email? ” Her: “yes but we’re not supposed to give personal information over the phone” 😔 And so, we got to the crux of the matter. Policies and training that are not fit for purpose.People being told they should not do certain things.