Search This Blog

Saturday, October 06, 2007


WHAT’S OPEN, FULL OF GOODIES, AND RIPE FOR THE TAKING?


According to Jennifer Fiddian-Green, forensic partner with Grant Thornton LLP, a leading Canadian accounting and business advisory firm, you have to look no further than Facebook and MySpace for the answer. Fiddian-Green, in a company release to the press, says that, “identity theft, a growing threat whereby criminals use personal information to obtain credit and loans in a person's name without their knowledge, is being facilitated by information posted on these social networking sites: The more personal information the fraudster has, the easier it is to impersonate victims and wreak havoc on their finances and credit record.” My take is that social networking is a phenomenon that is either in the throes of a technology revolution in the art of communicating, or a pending disaster in the handling of consumers’ private information. A fellow blogger recently told me that he feels the Canadian government is ahead of the US in its fight to protect its citizens’ privacy. If Ms. Fiddian-Green’s statement is any indication of the attitude of private business in Canada, they too are way ahead of the US. I decided to look at Canada’s “Personal Information Protection and Electronic Documents Act” again as a reminder of just how far ahead of US legislation they are. As with the United Kingdom “Data Protection Act of 1998,” when looking at Canada’s Act, members of Congress should be ashamed of the identity crisis in which they are leaving the American consumer to wallow. Here are some juicy tidbits from the Canadian privacy law. Right out of the gate, in Canada business must identify what purpose they have for collecting the data, and use it just for that. Second, they must secure the consent of the consumer to hold their data. And third, the individual has a right to know what information is being compiled on them. Regulations which are foreign to both US business and government. Oh yes, there is a “Grandfather” clause that makes the law retroactive to any personal data already collected by the company. I am dumbfounded how either a House member, or a Senator, can call themselves a representative of their constituency, and not do anything about the privacy rights of the people in their districts. But this post is primarily about Facebook and MySpace, where users routinely furnish information like date of birth, relationship status, where you’re located sometimes with an address, where you work, e-mail and phone number. Right in a profile that often has no restrictions for access. And sometime you don’t really know the person you’re socializing with, quotes Fiddian-Green from an outside source. She adds: all of this information is a treasure chest for hackers. My additional thought here is that by posing as either Facebook or MySpace, phishers will find a goldmine. I’ll leave you with these statistics from Sophos, a world leader in security and technology, who approached 200 random Facebook members to find out how they would react to a “friend” solicitation from a complete stranger.

87% gave details on their education or employment
84% provided date of birth
78% provided an address or locale
72% gave a personal e-mail address
26% divulged their instant-message screen name
23% gave their current phone number

Just so you know who we are dealing with, Facebook, originally open to only college students, now has 49.7% of visitors over age 25, 41.1% over 35, and 7.6% over 55. Household income is over $75,000 for 46.2%, $100,000+ at 29.6 percent. These people should know better, but this is yet another hard example of the “Appathetics” that populate the marketplace.

No comments: