Search This Blog

Friday, February 22, 2008


No, they have nothing to do with each other. But in both cases it shows the incompetence we are dealing with when it comes to our personal data. In the Best Buy incident, a customer bought a laptop, also purchased extra warranty coverage, tried to use that when her computer had a problem, and ended up losing her laptop, and private records including copies of her taxes. In an Information Week story, the whole episode is played out like a comedy of errors much like the old Keystone Kops movies. Best Buy’s Geek Squad took the machine to repair a power switch, and it hasn’t been heard of since. It was three months before Raelyn Campbell even found out her laptop was lost, which in itself is a violation of Washington, DC law that requires notification of a security breach because tax records were involved. Campbell filed a $54 million lawsuit to get their attention, and it worked. A fellow blogger and privacy attorney, William Morriss, did a post on this you will want to read here. It is his professional contention that Best Buy will spend much more money than what the victim originally asked for in compensation for the lost computer, due to potential legal fees and eventual damages to Campbell. Morriss also sees the outcome as “a powerful example of how allowing consumers to protect the security of their own data can have beneficial effects beyond consumer privacy.” He also told me that a person’s information is essentially an extension of that person, and having respect for information is really about having proper respect for the subject individual. This phrase should be hanging in the board room of every business in the U.S. that collects names and personal data. What it has come down to is the fact that many companies respect neither the private information nor the “subject individual” which is evidenced by the alarming number of data breaches that just keep on coming. There have been 44 just since the first of this year, with 443 in 2007, 315 in 2006, according to the Identity Theft Resource Center, in an Information Week article. Folks, if we keep growing the identity theft business at the rate of nearly 41 percent a year, we are headed for a catastrophe. More numbers include 127 million personal data records lost or stolen in 2007 from the 443 breaches, compared to 20 million in 2006. Granted, 94 million in 2007 were from one company, TJX (TJ Maxx, Marshalls) but even without that, there was a 65 percent increase of records exposed in 2007 over 2006. And if you think all this sensitive data is just going to remain dormant somewhere, think again. There were 8.4 identity theft victims in 2006 averaging $5,720 a loss. However this was down from 9.3 million in 2005. But even with a comparable decrease in 2007, there will still be 7.5 million victims. I don’t think that’s acceptable.

Tomorrow: how Office Max “inappropriately” obtained my wife’s driver’s license number. Another episode of the Keystone Kops.

No comments: