Applicant Private Information Protection
After a session is finalized only Owner and Co-Owners have access to applicants personal info.
Comments: 5
-
11 Nov, '21
Dave TempletonHow about restrict PI such that it is only visible to VE’s between start session and finalize session, much like an in person session. Only the SM has access to this information outside of a live session.
-
11 Nov, '21
Heather KM6ZQBI support Dave AD4VE's and Dave N4NG's suggestions . This would be an improvement to my original request https://features.examtools.org/suggestions/126262/add-view-applicant-to-dropdown-to-allow-applicant-info-to-be-viewed-but-not-edit Currently, it allows VEs to view the info not only during the session, but before and after. Regular VEs do not need access to PI under normal circumstances. With a large session, PI is accessible by everyone in the session and not just to those who tested the applicant. And VEs have access to the information forever as far as I can tell and long after they should.
-
11 Nov, '21
Darrell N5FTWI agree with both Daves and Heather. While we have been lucky so far, just one VE using PI inappropriately would cause severe damage. We have a responsibility to protect PI given to us that is not readily accessible to the general public.
-
12 Nov, '21
Hypothetical Criminal VEIf I were a criminal VE collecting PI, I would:
RSVP or crash as many open-call sessions as possible (especially while intoxicated or under the influence of narcotics), to get added to manifests
Hit refresh periodically, or only at times I would expect to have the PI first made available to VEs
Save my signature using handwriting and/or brevity that resembles someone else's entirely, to devote as much time as possible to downloading the PI as I rubberstamp exams without leaving breadcrumbs for a graphologist
Take advantage of the lack of multi-factor authentication & allow accomplices to be concurrently logged in or log in in my place -
03 Dec, '21
Art Clemons N8BLKI suspect this really amounts to closing the barn door after the mules have fled. A dishonest or mal-intentioned VE can just scrape the info during a session and note the VE has to be added to the roster to be able to see the session at all. What stops scraping during the exam? I note unless the structure greatly changes, the undesired access must be granted during the exam.