WHAT U.S. BUSINESS THINKS OF YOUR PERSONAL DATA

I’ve been railing over the way business treats consumers’ names and personal data for over two years now, and now InformationWeek Research’s 10th Annual Global Information Security survey seems to come to the same conclusion, rating it as “The data theft time bomb.” To begin, two-thirds of the U.S. respondents—U.S. results are compared with China—feel just as vulnerable to security attacks as they did last year. In China, it’s 89 percent. Apparently that feeling doesn’t cause much concern since one-third in the U.S. list “preventing breaches” as their top priority to maintain security. Less than one-half for China. I’m not sure why the comparison with china, but there is an interesting parallel at the end of the article. Where the U.S. expects to decrease its spending on security to 12 percent this year from 13 percent in 2006, China plans 19 percent in 2007, up from 16 percent in 2006. Another statistic: China is fourth as a phishing host country, whereas the United States is first. It’s hard to tell if China is just ahead of us technologically, or the U.S. has just decided not to worry about the identity crisis. Here’s a shocker: nearly one-quarter of U.S. businesses do not measure the value of their security investment. Most experts agree that employees are one of the highest potentials—If not the highest—for a breach in security. It is this kind of fact that makes me go ballistic when I hear other supposed experts make claims that almost no identity theft results from large company data breaches. The rogue employee knows what the data is about, and sells it for the purpose of ID thieves reaping benefits from the data. This is an excellent study for those interested in the security of our sensitive data, and I highly recommend its reading.