Emergency Contact Info online

Gizmodo

I need your help testing a new web site I've just developed. Please be gentle with me, I'm not a graphic designer, I'm a developer, the site is very new and I'm looking for your feed back.

It's a totally free place to store your I.C.E. information. You register, enter as much or as little information as you want (up to 3 contacts) and the site gives you a unique ID.

Now with the link: http://q911.net

You can get your ID engraved on a bracelet or dog tags, write it on a card in your wallet, whatever you want. It's totally free. You could make multiple IDs, one for each member of the family, even the dog!

Thanks, and please don't be too critical!

The Northern Monkey

Seems a bit rubbish to me.... (need to include the link )

Gizmodo

The Northern Monkey wrote:

Seems a bit rubbish to me.... (need to include the link )

Oops

http://q911.net

The Northern Monkey

I do like the idea... definitely needs a bit more security but as you say its a beta.

There is an aussie company doing a similar thing (not available over here and I can't remember what they're called, saw them on facebook a while ago) and they incorporate the code into loads of their own different jewellery, bands, tags etc etc and sell the whole package.

Similar to a talisman but a lot more oriented around sports and extreme sports.

Gizmodo

The Northern Monkey wrote:

I do like the idea... definitely needs a bit more security but as you say its a beta.

There is an aussie company doing a similar thing (not available over here and I can't remember what they're called, saw them on facebook a while ago) and they incorporate the code into loads of their own different jewellery, bands, tags etc etc and sell the whole package.

Similar to a talisman but a lot more oriented around sports and extreme sports.

What kind of security are you thinking? It's already encrypted using SSL, you get a random 8 character id and for anyone to access the info they have to know (or guess) the 8 digit id, your eye colour and gender. The site only allows users 3 attempts to guess that info and logs all failed attempts so I can watch for brute force attacks.

I don't know how much more security I can give it and still make the data accessible in the event of an emergency.

Any ideas great fully received.

GiantMike

I like the idea for the modern smart phone generation. BUT, playing the devil's advocate, why is this better than having a sticker with my name and emergency contact number on it and putting this on my bike and/or helmet?

What do the emergency services do when they are called to an emergency and want to make contact with relatives? It might be worth knowing this to make sure your system can help their process rather than creating a parallel system.

ddraver

Not a bad idea, but one of the best systems I ve come across is the one that the KNWU (Dutch British Cycling equiv) use which is every member has a card (Licence or not) with their membership no. on and can then upload their details (even including medical records) onto the KNWU site so it can be accessed... Membership is cheap if you don't have licence and, being dutch, following the rules and joining clubs is pa for the course for most sports enthusiasts...

(Thinking about it, the medical records stuff might be for Anti Doping....)

Stiff_Orange

Ok nice idea, but SSL gives no gaurantee of security. All that does is encrypt the data between the browser and the website. It does not protect the website. Many people believe that SSL is all you need but it's not. The 3 strikes and out is a sensible precaution, but won't be enough.

I work in information security and if you want me to give the site a good going over PM me.

Gizmodo

GiantMike wrote:

I like the idea for the modern smart phone generation. BUT, playing the devil's advocate, why is this better than having a sticker with my name and emergency contact number on it and putting this on my bike and/or helmet?

How much info can you get on your sticker? You put this 1 code on the sticker, then on the web site you can store your name, address, blood type, allergies, notes (anything you want) and 3 contacts each with name, address, 3 phone numbers and their relationship to you. A lot more than you can put on your sticker/bracelet/dog tags.

GiantMike wrote:

IWhat do the emergency services do when they are called to an emergency and want to make contact with relatives? It might be worth knowing this to make sure your system can help their process rather than creating a parallel system.

I do plan to get in touch with the ES in the UK at least.

Gizmodo

Stiff_Orange wrote:

Ok nice idea, but SSL gives no gaurantee of security. All that does is encrypt the data between the browser and the website. It does not protect the website. Many people believe that SSL is all you need but it's not. The 3 strikes and out is a sensible precaution, but won't be enough.

I work in information security and if you want me to give the site a good going over PM me.

I will take you up on that, thank you. I have done more than just secure the network traffic but any second opinions are always welcomed.

Just remember that what you will be storing is the phone number of your relatives. For most people phone numbers are in the phone book anyway so we're not talking national secrets or anything that call centres in India can't already get hold of.

You will keep your ID number normally hidden from public view and as there are 36 to the power 8 combinations for the ID, plus 3 eye colours and 2 genders to try, that's a lot of work to brute force attack just to get a phone number.

beverick

"we will do our best to keep your information private but I can not be held liable for any loss"

Oh yes you can and depending on the circumstances you may be guilty of either a criminal or civil offence.

BTW, you will also have to register with the ICO under the Data Processing Act as a data processor, and comply with all relevant requirements (ie principles) of the DPA. That includes security requirements, subject access requests and stating quite specifically why you're holding (and processing) the data, where, how and how long you're holding it.

See http://www.ico.gov.uk/for_organisations.aspx

I'm also pretty sure you're sailing close to the wind, and medical records legislation, regarding holding personal medical details.

Bob

Gizmodo

beverick wrote:

"we will do our best to keep your information private but I can not be held liable for any loss"
Oh yes you can and depending on the circumstances you may be guilty of either a criminal or civil offence.

I am hoping that common sense will prevail. After all I am just trying to help the community with a free service. If someone wants to sue me for something then I might regret it - but that won't make me give up trying to help.

beverick wrote:

BTW, you will also have to register with the ICO under the Data Processing Act as a data processor, and comply with all relevant requirements (ie principles) of the DPA. That includes security requirements, subject access requests and stating quite specifically why you're holding (and processing) the data, where, how and how long you're holding it. See http://www.ico.gov.uk/for_organisations.aspx

Already done, that's another £35 it's cost me.

beverick wrote:

I'm also pretty sure you're sailing close to the wind, and medical records legislation, regarding holding personal medical details.

I'm not holding any medical details. I have a field called "notes" that the customer can enter what they want. There is nothing saying "enter your medical details here", all fields are optional.

What a world we live in when all people can think of is how I might get sued and what laws I might be breaking. No wander you never see a poor lawyer.

GiantMike

Gizmodo wrote:

beverick wrote:

I'm also pretty sure you're sailing close to the wind, and medical records legislation, regarding holding personal medical details.

I'm not holding any medical details. I have a field called "notes" that the customer can enter what they want. There is nothing saying "enter your medical details here", all fields are optional.

But, if somebody does enter their medical details, do you have a responsibility to treat it differently? Just a thought.

Gizmodo

GiantMike wrote:

But, if somebody does enter their medical details, do you have a responsibility to treat it differently? Just a thought.

Interesting. I don't know but I doubt it - if someone posted on this forum something about their medical history does that mean that the owners of this site has to comply with different legislation? What I'm doing is very similar to a Forum - you post whatever information you choose to. There are plenty of clubs and organisations offering forums without a problem - that's a good idea, maybe I can look at the wording of a Forum T&Cs. Thanks

BTW thanks for starting The Cocktail Party

GiantMike

Gizmodo wrote:

BTW thanks for starting The Cocktail Party

You're welcome.

beverick

Gizmodo wrote:

beverick wrote:

BTW, you will also have to register with the ICO under the Data Processing Act as a data processor, and comply with all relevant requirements (ie principles) of the DPA. ......

Already done, that's another £35 it's cost me.

I'm surprised. Have you actually read the act, and the associated guidlines, in relation to the service you intend to provide?

Gizmodo wrote:

What a world we live in when all people can think of is how I might get sued and what laws I might be breaking. No wander you never see a poor lawyer.

A developer that isn't bothered about what side of the law they operate on. Just that the IT world needs - another one.

BTW, you sought feedback. If you don't like the feedback you received, you shouldn't have asked in the first place.

Bob

Gizmodo

beverick wrote:

Gizmodo wrote:

beverick wrote:

BTW, you will also have to register with the ICO under the Data Processing Act as a data processor, and comply with all relevant requirements (ie principles) of the DPA. ......

Already done, that's another £35 it's cost me.

I'm surprised. Have you actually read the act, and the associated guidelines, in relation to the service you intend to provide?

Sorry if I gave the wrong impression Bob. Yes I have read the guidelines, and yes I do conform to them in my opinion.

beverick wrote:

Gizmodo wrote:

What a world we live in when all people can think of is how I might get sued and what laws I might be breaking. No wander you never see a poor lawyer.

A developer that isn't bothered about what side of the law they operate on. Just that the IT world needs - another one.

BTW, you sought feedback. If you don't like the feedback you received, you shouldn't have asked in the first place.

Again I'm sorry if you got the wrong impression. I am bothered about operating on the correct side of the law, I have phoned and spoken to the ICO twice, I have read the guidelines, I have researched to the best of my ability all the relevant laws and I have "notified" under the ICO regulations. It certainly is not my intention to operate an illegal web site.

I do like the feedback - I was simply trying to make a social point that in this day and age the first thing we all think of is "will I get sued?", not "how can I help people?". GiantMike - if I upset you in anyway with this final paragraph in reply to your message I appologise.

GiantMike

Gizmodo wrote:

GiantMike - if I upset you in anyway with this final paragraph in reply to your message I appologise.

Not at all mate. We're all here to help*

* except those tw@ts in The Crudcatcher!

Alinshearah

is that not what Steve Cram already has http://www.cramalert.co.uk/products

Gizmodo

Alinshearah wrote:

is that not what Steve Cram already has http://www.cramalert.co.uk/products

It is very similar. With that web site I believe you have to buy their products and pay an annual fee. They offer more services than me, for example a 24x7 telephone number for retrieving the contact info. If you are interested there is another similar service in the USA called Road ID.

My service is totally free and you are not tied into any particular way of displaying the information.

Alinshearah

Gizmodo wrote:

Alinshearah wrote:

is that not what Steve Cram already has http://www.cramalert.co.uk/products

It is very similar. With that web site I believe you have to buy their products and pay an annual fee. They offer more services than me, for example a 24x7 telephone number for retrieving the contact info. If you are interested there is another similar service in the USA called Road ID.

My service is totally free and you are not tied into any particular way of displaying the information.

Being free is as good a USP as any. Best of luck