Bonehead moves are standard practice for Radio Shack. I was a manager for 3 of the 4 years I worked for them and the list of blunders that no company should make is longer than my right arm.

Hi Marc,
Thanks for the comment. Gee, it makes me want to run right over to Radio Shack and buy something! LOL

Have a good weekend, Ron

Ron,

Just as a reminder, this is also the company that used email to fire employees - four hundred of them. Here is the Washington Post article from September, 2006:

link: http://tinyurl.com/2pz4gj

Sometimes corporate behaviour speaks volumes…

Noggie

Hi Noggie,
Thanks for the link. That is one heck of a way to terminate people. And I agree, corporate behavior does flow downhill.

Thanks, Ron

I am almost certain this happens too much. I wonder who the honest garbage digger was? Can we build a conspiracy theory off this? I think I’ll use cash next time I purchase a “101 in 1 electronics board”

Hi Jason,
Cash sounds good to me as well.

These companies should be given HEFTY fines plain & simple–something that will hurt them financially speaking in addition to being forced to pay for credit monitoring, reimbursement of lost money as a result of their incompetence and the like.

People only respond if money is involved. No one cares about identity theft as long as the ‘big boys’ (i.e. credit companies, banks) pick up the tab of reimbursing $$$, paying for credit monitoring, etc..

Personally, I think some of these private companies & government agencies get off easy when they “lose” computers or simply toss confidential info in the garbage for the world to see.

My recommendation: as individuals we MUST monitor banks accounts and credit accounts daily and even pay for those credit monitoring services if necessary.

In the long run, what would be helpful is if credit card companies and banks allow customers to set up their accounts to REQUIRE a return phone call for authorization of a purchase or require a pass phrase to confirm ownership identity or something to that effect. Kind of an annoyance but it is easy to implement–they just won’t.

Stay safe…peace!

Hi Mike,
Thanks for sharing your thoughts with us. I agree. Losing computers and data seems to be the norm lately. As I stated, I feel sorry for the person who had to untangle the mess after their identity is compromised. Stiffer fines may help to curb this.

Ron

Look you cant paint every company with the same brush. The majority of companies go to great lengths to secure our personal information. In fact it has become burdensome on most businesses. Fact: The majority of identity theft is initiated by someone you know;a relative, friend or co-worker. So in reality you have the responsability to secure your own information. The second most common method is from point of sale transactions; cashier, waitress ect.. The point is Americans want low interest rates, instant credit, fast mortgage approvals and a painless visit to the car dealership. Well it cant happen without a mechanism for storing and evaluating a persons identity and credit history, this requires their personal data. It aint magic! So if you want to live in a capitalistic free economy thats the price. Sure some companies need to be spanked. Most however do an outstanding job of handling the trillions of dollars of transactions and data transfers that keep this countries economy strong and that allow geeks like us to post our opinion on the internet. I guess all I am saying is “Quit Whining!”

“Fact: The majority of identity theft is initiated by someone you know”

Care to back that one up? I’m betting you won’t.

Hi Ed,
Thanks for posting your thoughts. Agree. I bought a new car this year and from the time I walked onto the lot until I drove off with the new buggy was under 2 hours.

But I also think that in cases like what RS employees did exposes us all to theft no matter how securely we try to guard our personal info.

Anyway, thanks for the comments. Ron

did anyone mention about there habit of asking customer’s address and phone every time one comes to buy something? Now i understand why they do it - so they can trash it. I always refuse when they ask me, simply because i don’t want to waste my time, but now i see there is even a better reason not to give it to them.

Hi arn,
Thanks for mentioning this. It is annoying.
Ron

I recall an old TechTV show with a guy driving down the Capitol’s main blvd. He was showing how many places neglect wireless security. Wide open for the world. Lowes is a retailer that neglects wireless security too. I have seen some really bad news articles about them and that they still have not secured their networks. My point is sometimes information doesnt need to find its way to the dumpster for the whole world to see it. No wonder identity theft is at epidemic levels.

I agree with Mike that corporate and government entities should be punished by more than a slap on the wrist.

I propose that the fine be ten times the average cost that an individual would be expected to pay to recover from identity theft, and that the fine be paid to each person whose data was lost. So let’s tally it up:
Individuals cost: $1000.00 (wild guess)
Times ten = $10,000.00
Times # records lost (large company @ 4.5 million records) = $45 billion dollar fine.
That may be extreme to all except Microsoft or the Feds, but it gives somewhere to start the determination of fine levels.

f0rw4rd.sl4sh,
Very true.

Hi Carl,
That seems like a great place to start!

Thanks to you both for your comments, Ron

I think that we need to hear both sides to the story. I know of a situation where similar records were retrieved from a dumpster. Turns out that the cleaning crew that the company had trusted so dearly had new hires that were unfamiliar with an emptying of boxes process and emptied the sensitive information into the trash. Needless to say, the procedures at the company were changed within the company and the cleaning crew as well.

Hi Steve,
RS admitted the error. It was employees who dumped the stuff. But I understand where you are coming from. Thanks for the comments. Ron

Fines dont work, Companies end up cutting jobs and raising prices and guess who pays for it. You and me, There needs to be personal dealings with this. I feel that need to put better responsiblity on the people(s) involved directly with this. Fines just me less money which means welp “joe blow i cant affford to keep you working so out you go” While were at it “lets raise this is and price a few dollars”

Hi Matt,
Interesting. If fines don’t work, do you have a suggestion what might work to get these peoples attention?

Thanks, Ron

Well, in addition to fines there’s always forced time (be that jail, or community service, or whatever — preferably something useful Even the rich cherish their time.

But in addition, I think that something like a 5-year subscription to one of the identity theft watch services for everybody whose data was dumped should be part of the deal. This is not a fine, it’s necessary damage control.

Hi Ge,
I like the 5 year subscription idea.
Thanks, Ron

The reason fines won’t work for this kind of stuff is this: “Radio Shack”, as a corporate entity, did not throw the records in the trash. Employees at one of its stores did. Those employees have probably been fired, or at the very least reprimanded. Those employees aren’t going to be the ones who pay the fine. Right now, employees at all the other stores are probably getting stern talking-tos about not repeating the performance. But two years from now most of the current employees will be gone and the new crop of employees will never had heard of this incident. None of them will have been talked to about it. How is the fine today going to keep them from repeating the mistake?

Sure, the fine might get RS to improve it’s training in regard to this stuff, but most RS employees are trained almost entirely by their store managers and the training entails, “Hang these signs up by ten o’clock” and other OTJ tasks. They rarely refer to the training manuals.

The only way to fix this is education of the public at large. I think the message, “protect your information” is getting out there pretty well. It should be supplemented with the message, “protect the information of others that you are entrusted with, or you might be personally liable for what happens to it - no matter who you work for.”

The employee(s) who trashed the RS information should be sued for negligence. And word should get out that this is what happens when you do stupid stuff with other people’s information even though you work for somebody else.

Where I work, people call me with credit card numbers sometimes. If I can’t directly enter them into our secure system at that moment, then I’ll write them down. But that piece of paper never leaves my sight until it is properly entered and then confettied by my very good paper shredder. And if I went crazy and posted that paper on a public bulletin board someplace, I’d expect to get personally sued for the damages.

w

Hi Wayne,
Thanks for sharing your thoughts and ideas with us. It is appreciated.
Ron