What are some examples of the ways an organization issuing and verifying IDs can protect privacy?
Organizations that issue and verify IDs need to establish and implement policies, operational practices and identity management system technologies to protect the privacy of an individual’s personal information. First, the organization must define its privacy and security policies. For example: • Only the minimum information necessary to validate an individual’s identity should be gathered. Individuals should be informed of the reason for the data collection, and should be permitted to choose whether or not to participate. • Only well-screened, well-trained personnel should be given access to individuals’ personal information. All personnel must be accountable for each access to the data. • Only the minimum data required to perform a given transaction should be accessed. • Displaying or transmitting unencrypted personal information should be avoided. Truncated fields should be used for displayed or printed content. • Policies should prevent data generated by the use of an ID card or to
