privacy – Risks of Providing a Passport Number


Company A pays company B for enterprise software. Company A hosts it internally. An employee from company B needs access to servers at company A in order to manage said software

Company A is requesting very personal information of the employees needing remote access. e.g.

  • Full Name
  • Cell Phone
  • Gender
  • Date of Birth
  • Citizenship
  • Passport Number
  • Passport Issuer

Can these pieces of information be used alone, or together in a way that would increase the info security risk to the employee in any way?

To me, this is a case of requesting/requiring too much information – that is – beyond what is actually necessary to fulfill the request.

I understand the need for cell number – as they use two-factor authentication where they send a code each time one needs to access the VPN. The rest seems well beyond what is needed.