Search This Blog

Saturday, March 22, 2008


DUMBING DOWN ON PRIVACY


To complain about identity theft or not to complain. You’d think there was a clear answer here that, YES, as a victim I want to register my complaint with the Federal Trade Commission to help catch the ID thieves, and hopefully stop them from committing this fraud again. But Alexis Moore in her blog doesn’t agree. Because it takes up to an hour, and because she believes “the consumer receives nothing in return,” she would not do it again, even though she was a victim. The statistic alone is extremely important in that the FTC publishes reports on this criminal activity regularly to convince business and government to improve security for Americans’ sensitive data. That information also serves as guidelines to law enforcement on how to prioritize efforts to help solve the crimes. I’m the first to admit that ID theft, although it is the number one fraud against consumers, does not get the attention from business and government that it should. And Alexis is right about the need for legislation to help solve this issue, and that should be at the federal level. Unfortunately, we won’t see that in an election year, so please be a responsible citizen and report any victimization that happens to you at the FTC ID Theft Complaint Input Form. How to respond to a data breach disclosure letter. This is an area that has been neglected, but CSOonline.com, a magazine devoted to data security, has come up with 5 steps of advice you should listen to if you have received a breach disclosure. These suggestions come from noted authorities on this issue: Larry Ponemon, founder, Ponemon Research Institute, and Paul Stephens, director of policy and advocacy for Privacy Rights Clearinghouse. First, after carefully reading the letter, search the Internet for more info on your particular case. You want to know everything you can about what was compromised, and if it was a result of negligence or theft. Second, monitor all your accounts as soon as possible, particularly your credit cards where the highest likelihood of fraud will occur. Third, if your social security number was stolen, or compromised, you must notify all three credit bureaus immediately. Four, consider a reputable credit monitoring service, and don’t forget you are eligible for a free credit report from each of the three credit bureaus once each year. Five, you will need to file a report with the police if you are the victim of identity theft, not just credit card fraud where you would notify the card’s issuer. Speaking of data breach disclosures, TJ Maxx and Marshalls stores are sending notices to millions of customers who might have experienced compromised credit card numbers. This includes vouchers and credit monitoring resulting from a proposed settlement with the parent company, TJX, according to an MSNBC article. The data hit the fan at TJX in January of 2007 when it was discovered hackers had been accessing their corporate system and stealing credit and debit card numbers for at least 18 months. In the end, it was learned around 94 million credit records were affected. TJX has done a very poor public relations job of handling the incident, and even refused for two months in the beginning to reveal the size and scope of the breach. A class-action lawsuit in a Boston federal court sort of nudged TJX into action, with their agreement to issue the vouchers and provide three years of credit monitoring. TJX even offered to hold a “Customer Appreciation” sale, something they should have thought about when they failed to secure all this personal data.

2 comments:

Ben Wright said...

Jack: The FTC treated TJX unfairly. The FTC should rethink the law of credit card security, and stop treating merchant victims of organized crime as culprits. --Ben

Jack E. Dunning said...

Hi Ben...

Thanks for your input. I agree that business is not getting a fair shake in the identity crisis, as well as government, because the issue escalated so fast, and neither has had the proper guidelines, nor technology, to cope with the problem. If the crook is intent on stealing our sensitive data, he will find a way. However, a completely inept Congress has compounded the situation with its inability to pass legislation to help provide an equitable solution. In the meantime, it is the individual who suffers the most. My answer is to grant consumers control over their names and personal data, and compensate them when it is sold as an incentive to take on this new responsibility.

Jack E. Dunning
The Dunning Letter