We have all been asked before to provide copies of our passports to organisations such as telecoms providers, hotels and car rental companies. But Jan Willem van den Bos, Partner at Dentons, warned clients this week that they need to be careful in the Netherlands when engaging in this widely adopted practice following new guidance published on 12 July by the Dutch data protection commission (College Bescherming Persoonsgegevens – CPB).
Essentially, the CPB is stepping up the pressure on organisations to think twice before taking a photocopy or scanning the passports of their clients, customers or other relations – and, if they do have to take copies, to make sure they:
- cover the photo;
- cover the unique personal “BSN” number (so only show the shorter passport number);
- store all copies securely; and
- destroy copies safely as soon as they are no longer necessary.
Clearly, the main underlying concern is ID fraud.
It is illegal under Dutch law to take a copy of anyone’s passport, subject to some limited exceptions.
The CPB recognises that certain organisations need to carry out ID checks (including for credit reference purposes), but the CPB says that in many circumstances it should be enough for people simply to show their passport and for organisations merely to take a note of the ID document type and number, rather than copying the whole document.
With the new guidance, the CPB is trying to clarify the law and impress on industry that there are other less intrusive and risky ways of checking someone’s ID. The CPB also has published a checklist for consumers, including FAQs about handing over copies of their passports.
Of course, the implications of this guidance go much broader than the Netherlands. The issues raised apply in all countries where ID fraud is a risk …..that’s everywhere! So very timely advice from the Dutch regulator.