A clients wants to build an online database and include date of birth
as a record. Everything wil be password protected but nothing will be
encrypted. Is date of birth considered sensitive like credit cards and
social security number? What can someone do with this data if they were
to break into the database?

On 18 Jan 2006 21:34:25 -0800, veg_all@yahoo.com wrote:

Send you a birthday card....

Matt


--
The Probert Encyclopaedia
Over 235,000 definitions and descriptions
http://www.probertencyclopaedia.com

On 18 Jan 2006 wrote in alt.www.webmaster

Only for women.

--
D?

<veg_all@yahoo.com> wrote in message
news:1137648865.568770.84120@g44g2000cwa.googlegro ups.com...
I've worked on a number of systems (passport and immigration) which stored
date of birth, we didn't treat it as any more sensitive than someone's name.
Certainly its not like credit card information because there is no financial
cost to the information being leaked.

The real pain about date of birth comes when someone doesn't know when they
were born. Laugh, but its true. Tends to be more of a problem in the third
world ... (where food is normally more important than registering on
websites)

The real question is whether it is appropriate to hold date of birth at all.
If you use it (for calculating age etc) then fine, if it serves no purpose
then don't collect it. This goes for all the information you are collecting.
None of the systems I'm currently working on store date of birth because its
not relevant.

You made the comment "Everything will be password protected but nothing will
be encrypted". I've found it good practise to store encrypted passwords in
the database (or better still a password hash), I don't think its wise to
store passwords as plain text even if it should only be administrators who
get to see it (until you are hacked). Or are you doing that anyway?
--
Brian Cryer
www.cryer.co.uk/brian

Pondering the eternal question of "Hobnobs or Rich Tea?",
veg_all@yahoo.com finally proclaimed:

Only if you store it along with their mother's maiden name and their
credit card pin number

Not much really, not with just a date of birth anyway. I suppose if
combined with other personal data, and if they had the ability to
intercept your mail, then they could apply for credit cards and the
likes using your name.

--
Dylan Parry
http://webpageworkshop.co.uk -- FREE Web tutorials and references

Disclaimer: This post does not represent the opinion of me or my cats.

On 18 Jan 2006 veg_all@yahoo.com wrote:

I couls be wrong but I think that in some countries it may be considered
sensitive to store *any* accessable data about those that are minors.

--
Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html
af380@chebucto.ns.ca [=||=] (At the Sign of the Flashing Cursor)
"Oh how I miss the days when it was easier to catch gonorhea than a
computer virus." -- Big Will in alt.comp.virus, March 9, 2005

On Thu, 19 Jan 2006 07:29:06 -0400, "Norman L. DeForest"
<af380@chebucto.ns.ca> scrawled:

I never give my correct date of birth online. I don't see why it's
anyone's business and, yes, it is sometimes used as part of
identification verification for various things and therefore I
consider it sensitive data (and, no, I'm not sensitive about my age).

--
MGW
If you always do what you've always done, you'll always get what you've
always got.

veg_all@yahoo.com wrote:

Are you implying that you also store CC and SSN in this database?
Unencrypted?

--
-bts
-Warning: I brake for lawn deer

Hi ...

If you tell folks you're storing this data up front and exactly what
it'll be used for, leave it up to the user to provide it or not. Also
I'd suggest only collecting day and month and not year. This way if
someone did jack the database it's not as sensitive of an issue.

Something else to note -- most folks don't put their real birthdate
into online forms anyway... FWIW,

Sam

veg_all@yahoo.com wrote:
I've read that there is a law in England regarding the collection of
such information when it is not necessary.

As for the rest - it depends on exactly what information you're
storing. The context might make it more sensitive.