Identity Theft and Creating Significant Legislation
- 5
- Add a Comment
- No Related Post
The sale of paper shedders must be increasing. The shredders are occupying more and more shelf space at the local office supply store. Some have a trendy look and are meant to make a decorating statement. In addition, there are local public service announcements about how important it is to shred and to take a positive step towards preventing identity theft. Some communities are having ’shredding events’ to promote how import it is to destroy any documents that might reveal personal information.
I find these prevention messages somewhat grating - and disingenuous. I can shred all my important trash and take all the necessary precautions - and still be a target of identity theft. My data, along with everyone else’s data, are on data bases and possibly on people’s laptops. For example, my data are at various schools, government agencies, banks and various other places. Neither you or I have any control of those data bases and we trust that our personal information is secure.
Unfortunately, it isn’t. There are reports of data breaches almost daily. A bank loses a back-up tape. A Department of Motor Vehicle has a computer stolen. A university computer system is hacked. A government department has a laptop stolen. An international retail chain has a data breach. These are just examples. The list goes on and on. There are even web sites that document a chronology of data breaches. It is an astounding list.
Until there is significant punitive legislation about compromised data, the list of security breaches will continue to grow. Having a data breach reported in the media may be an embarrassment. It may effect business and/or public perception for a couple of news cycles. The incident becomes a ‘cold’ news item - then the next incident is reported. We become immune to these reports. One of the ways to make security a prime focus, for those who are the guardians of these data, is to have meaningful legislation. That legislation should be significantly punitive so that any data breach is not only an embarrassment but make it a criminal catastrophe.
And be honest - shredding is only a small part of the solution.
Catherine Forsythe
Director of Operations
FlyingHamster: http://flyinghamster.com/
[tags]identity theft, data breach, privacy, security, catherine forsythe[/tags]
5 Comments
Tim Hodkinson
February 12th, 2007
at 12:49am
Absolutely right. Companies or organizations should be held responsible for damages due to the theft or misuse of personal data which they hold. And for starters they shouldn’t be allowed to store any data without a good reason. For instance, after a credit card sales transaction is made, there is no reason for the seller to keep the customer’s credit card info, or for that matter, any information regarding the customer. If companies were held liable for lost or stolen customer data, then they would keep a lot less of it. Legislation is the only thing which can change this. Actually, I think that’s what legislation is for.
Mike Nelson
February 13th, 2007
at 6:53am
Dear Tim,
Well said! In addition, to all of these retail stores that use the automactic fund withdrawal when you write a check, instead of handing the check back, it should be required that they have a shredder right there at the check out counter and shred that check right in front of your eyes. I am pressing locally that all retailers that use that system should be required to have a shredder. It is not just good business, it is responsible business. How many checks that are returned to the customer while they are shopping gets lost? I know I refuse to take my check back (my wife hates it when I make a scene), but when I write a check, I don’t want to take the chance to loose it at another store writting a check.
Michael H. Bell
February 13th, 2007
at 7:15am
You are absolutely right. Companies who request and use YOUR personal data as part of the proces of making it easier for them to take YOUR money to get THIER product or service and then do not safegaurd that data, or even sell it, should be criminally charged if it is lost or stolen due to their neglect. The reality of it is that in order to initiate the actions necessary, and incur the costs, to safeguard YOUR data, these companies will probably just pass those costs on, and take MORE of YOUR money for doing business with them.
T. Ballantine
February 13th, 2007
at 10:31am
On the other hand . . . this is about negligence, usually, not intentional, knowing conduct. Organizations that take data from us that would be useful to an identity thief have a duty to safeguard it, and, when they fail to do so, they should bear responsibility AND they should satisfy us that our data will be secure before we’re forced to use their service. But, a criminal penalty will ensure headaches for those of us who use, or could get access to, such data in our daily worklife, which means pretty much everyone who isn’t a carpenter — or a welder. Make the negligent loss of personal data a crime and the person who would be on hook for that loss will always answer “NO!” to any question of “can we set up XYZ intelligent system that a reasonable person would consider safe from being stolen or hacked.” The _criminals_ are the malevolent hackers, laptop thieves, scammers and phishers.
S D PERSON
June 1st, 2007
at 10:16pm
I HAVE RECEIVED A SECOND LETTER WHICH CLAIMS TO BE FROM THE DEPARTMENT OF VETERAN AFFAIRS IN AUSTIN, TEXAS STATING THAT, AS A DOCTOR, MY IDENTITY IS COMPROMISED BECAUSE OF A STOLEN HARD DRIVE AT THE BIRMINGHAM VA MEDICAL CENTER. THEY OFFER TO PROVIDE SOME CREDIT MONITORING…OF COURSE YOU HAVE TO PROVIDE PERSONAL INFORMATION TO GET THIS PROTECTION. I DON’T KNOW WHETHER TO TRUST THIS OR IF, THIS ITSELF, COULD BE A SCAM. IS THERE ANY OFFICIAL ADVICE ON THIS ISSUE?