Search This Blog

Saturday, February 16, 2008


It is obvious that junk mailers are worried about their authority over our names and personal data when a list broker writes an article with the headline: “Self-regulate or Die.” It was in Multichannel Merchant, an online division of industry magazine, Direct. The author visualizes “a world in which no transactional data can be rented or shared unless customers have given express written consent.” It’s a dream I have been having for over ten years. This guy also thinks that if you ask, the customer will rush to say yes…go right ahead and sell my name and private information. There may be a lot of apathy out there over this issue, but I have the sneaking suspicion that, with the current identity crisis—which our writer has apparently overlooked or ignored—the public would make the decision to hold on to their sensitive data. One major reason they should, is a statement made in the piece confirming one of my primary concerns about the junk mail business: “most direct marketers are not members of the DMA and are therefore not subject to its guidelines.” Simply put, they are subject to no industry regulation, and one of this group is a major catalog you probably receive regularly. Online shoppers are “fed up” with data breaches, and some aren’t taking it anymore. George Hulme writes in InformationWeek that the level of concern about their credit card privates is at 57 percent, and that in 2007 only two-thirds of adult Internet users were buying online, according to a University of Southern California Center for Digital Future study. That spells disaster for cyberspace commerce if something isn’t done immediately. Gartner Research finds some of those victimized at least alter their online payment behavior. Even while online, they are likely to pick up the phone to give payment details. In the recent Federal Trade Commission report on fraud and identity theft, there were 221,226 Internet-related fraud complaints in 2007 with an average loss to the victim of $2,730. Interestingly, only 2 percent of those complaints came from age 19 and under, 12 percent over 60. Those 40 to 49 were the largest single group at 24 percent, the rest spread pretty evenly. It’s bad enough that we have to guard against unwanted spam and phishing attacks, but if online retailers don’t get their security act together, much more of this valuable market will be shunned by the consumer. 2008 has already started with a bang; a hacker broke into a financial services company database located in Montana, stealing 226,000 names, addresses and Social Security numbers. By the way, they don’t do this just for fun anymore. I did a recent post on state notification laws that had some good information for looking into what a particular state has done to help alleviate this issue. Although I still feel it must be uniform, federal legislation—something we’re not likely to get with the incompetent U.S. Congress we’re stuck with—at least someone is trying. Forty of the states have passed something meaningful, but they all miss the mark of my concept awarding control to the consumer of their names and personal data. You can find another source of this information at CSO Online (it stands for chief security officer) which portrays the data in the form of a map you can click on by state to get information. Things like notification guidelines, penalty for failure to disclose, private right of action and exemptions. When you click on the flag over Washington, DC, you get pending federal legislation pertinent to data breach disclosure, which will probably not have changed when we look at the updated version of this map next year.

No comments: