Open benrfairless opened 1 month ago
Missive conversation: https://mail.missiveapp.com/#inbox/conversations/76138814-9a31-4679-b768-3488fc048f2d
Agencies know their correspondence is going on a public forum. I would have assumed they have an obligation not to be this stupid and ask a user to post their credit card information online. I wonder if the OAIC would like to comment on this matter?
@coopzr we do tell authorities that responses will be published on the Internet, however it's in the footer of the email.
Perhaps we should update that message to be a bit clearer that they shouldn't be asking for personal information, shouldn't be sharing it, and should be reporting requests that they receive for personal information?
@benrfairless is clarity the issue? The footer clearly explains the correspondence is occurring on a public forum. I would think government agencies have certain responsibilities when it comes to dealing with the public. Asking an applicant to post their credit card information online for all to see might even be in violation of a Australian privacy principle. Even if not technically a legal issue, common sense says this is a terrible idea.
@coopzr good point. I suppose I'm looking at it through the lens of what we can control.
Sidenote, As far as I'm aware it's against industry standards to store credit card information without encryption in any format. Asking people to email credit card information is just asking for trouble.
The instances of this happening are relatively minor, but I think having a bigger conversation about how we encourage people not to breach their own privacy is important.
For some reason authorities are asking people to email credit card information....
Is this something we need to warn people about?