Although public administration applications are speeding up many procedures and waiting at the touch of a button, the reality is that we are still waiting for one that will mark a before and after: carrying the DNI on the mobile with DNI 4.0. In the meantime, it’s time to turn to some tricks either alternative applications to identify ourselves. But beyond being able to show your ID from your phone, there is another common practice that is not without risk: send the ID on the mobilefor example through WhatsApp.
Without going any further, it has already happened to me a few times both when booking a holiday accommodation and in a real estate agency to speed up the contract procedures. The problem? That The DNI is a sensitive and private document, with a lot of personal information and we do not know into whose hands it will fall. But be careful, it would not be the first nor the last time that the AEPD fines companies for abusing when requesting the DNI when it is not an essential requirement.
The Internet Security Office has warned of this practice with several possible threats that we may suffer as a consequence, such as phishing or identity theft, loss of control of information as long as that data can be used, vulnerabilities in communications during sending as a result of an attack or security breach or that when saving this data in the cloud it could be shared by mistake with third parties.
In fact, if at a certain time someone asks us to share our DNI via mobile phone, we must ask ourselves some questions before complying with the request. The first is if they really need it. Then, and only if it is strictly necessary to do so, consider other alternatives to share it, since perhaps that WhatsApp phone number is not the official business number. So, you could even physically approach them to leave them a photocopy. In any case and If we do not see the need clearly and we have doubtsit is best to take extreme caution and refuse.
The OSI gives some instructions to take into account so that, in case we find ourselves in the need to share the DNI from the mobile in apps like WhatsApp, we do it in the safest way possible.
The first is a basic one: be clear about who is on the other side. That is, we must verify the authenticity of the recipient before he or she has access to our national identity document, either because you know the telephone number before, you have the number on a document such as a business card or you have searched for it on the internet or something that give us confidence to proceed.
Then consider your options when sharing the document, choosing those applications or platforms that integrate security measures such as end-to-end encryption, which allows you to add a PIN code to access, with a security vault, self-destruct measures, for example. In the case of the popular WhatsApp (which we remember has end-to-end encryption), using a temporary chat so that the information does not remain permanently (you can configure the chat settings to limit the lifespan) or with an image that It can only be seen once and then it is destroyed.
The less information you give, the better. The recipient may only need your name, photo and ID to verify your identity, but they don’t need everything else, so you can cross out the additional information and even put a line in the eye area of your photo, so that although it may serve to identify you, it is not useful for other purposes.
Finally, it is worth reminding the recipient that once they use this information, proceed to eliminate it as soon as possible from your systems.