Search This Blog

Thursday, October 25, 2007


FROM THE ABSURD TO THE RIDICULOUS: DATA COLLECTORS CONTINUE TO DROP BOMBSHELLS


We haven’t rented movies from Blockbuster for some time now, and maybe never will again. In Sarasota, Florida, this guy was looking for boxes in the refuse bin behind one of their stores when he uncovered Blockbuster trash containing membership forms and employee applications that included names, addresses, credit card numbers and Social Security numbers. According to the Sarasota Herald Tribune, Jonathan Murray told Blockbuster about what he had found, but that when he returned the next day for more boxes, he found “credit card stuff.” What was available in the receptacle was clearly information that could provide ID thieves all the ingredients necessary to steal the identities of the customers affected. So, should we just write it off to another dumb mistake on the part of a company employee that either has a double-digit IQ, or just doesn’t give a damn? It’s pathetic, and what is worse it seems like this kind of incident will never come to an end. On the other hand, retailers in Connecticut are asking for help in alleviating their liability by credit card companies like Visa and MasterCard, who require the stores to hold on to data from one year to 18 months. (See article) This is yet another reason why there should be a standard rule for storing any individual sensitive data. And if the data collecting industry—which includes just about every commercial and government entity—won’t police themselves, the feds or states should do it for them. To cap things off, a study done by Ponemon Research that was commissioned by a Dallas-based law firm shows that, of 700 IT executives and security officers questioned, 85 percent said their business had experienced a data security breach. Worse yet, “46% of those surveyed said their businesses didn't implement encryption solutions on portable devices even after suffering a data breach.” Larry Ponemon, founder of Ponemon Research, in SearchSecurity.com, says although organizations have experienced a number of data breaches, the upper and middle echelons of management have been kept out of the loop on this issue. But the top guys have been watching closer since the TJX (TJ Maxx, Marshalls, etc.) data breach, where over 45 million credit and debit card numbers were stolen due to weak encryption. Just yesterday, that figure was increased to 94 million account records. So “Who do you Trust?” as Johnny Carson would say on his show by the same name back in the 1950s and 1960s. I don’t want to appear altogether cynical, but it is hard to place our trust in businesses and government agencies that seemingly and everlastingly continue to lose our sensitive data, or knowingly place it in a position for the bad guys to steal. In the Blockbuster Sarasota episode, you have this recklessness going on at the smallest level, but when you turn to a TJX, the magnitude of the crisis may be colossal, but it still boils down to incompetence. And that is why we must grant consumers control over their names and personal data, and while we're at it, compensate them when it is sold.

No comments: