16Eki
Risks of Providing a Passport Number
Company A pays company B for enterprise software. Company A hosts it internally. An employee from company B needs access to servers at company A in order to manage said software
Company A is requesting very personal information of the employees needing remote access. e.g.
- Full Name
- Cell Phone
- Gender
- Date of Birth
- Citizenship
- Passport Number
- Passport Issuer
Can these pieces of information be used alone, or together in a way that would increase the info security risk to the employee in any way?
To me, this is a case of requesting/requiring too much information - that is - beyond what is actually necessary to fulfill the request.
I understand the need for cell number - as they use two-factor authentication where they send a code each time one needs to access the VPN. The rest seems well beyond what is needed.