ONE MORE OUTLOOK FOR DATA LOSS PREVENTION IN 2008

With 2007 a banner year for personal data breaches, the outlook for 2008 will no doubt be measured with how much we’ve learned from this experience, and what and how much we are doing about it. There is definitely some progress, but many privacy advocates—myself included—feel that we have simply waited too long to address the identity crisis with a firm approach. The consumer has completely lost control. Further, my thinking is that the core of this dilemma that has reached enormous proportions is that business and government will not accept the fact that the only solution to the problem is to give individuals control over their names and personal data, and compensate them when it is sold. By paying the name-holder a fair price, there is incentive for them to take charge of this control and handle it like any other responsibility in their every day lives. The latest analysis of the state of ID theft comes from Stephanie Hoffman of ChannelWeb in her article, “Data Loss Prevention Trends to Watch in 2008.” Right off the bat the Ponemon Institute tells us that the total average cost for lost or exposed data grew to $197 per compromised record. Harking back to the data breach that started all this, ChoicePoint’s loss of 163,000 private records to Nigerian identity thieves, that would cost CP over $32 million. The biggest ever breach, 94 million records from TJX (TJ Maxx, Marshalls) in early 2007 comes to a cost of $18.5 billion. I would like to ask TJX the question, “If I could give you back that $18.5 billion, along with the losses in your stock and customer goodwill, would you relinquish control over this sensitive data to the name-holder?” As far as I know, no one has added up losses like these to reach a grand total, but suffice it to say, it would build a lot of schools and pay for a lot of medical care. In Hoffman’s piece, she quotes Ted Julian, VP of marketing and security for a database security company, as saying: "People are saying 'let's step back and realize our data is under siege, what's of value that we need to protect and where is it?'" Statements like this just prove how far-removed business and government are in recognizing where we actually stand in the identity crisis. If we don’t know what data we should protect and where it resides by now, the ID theft meltdown is in much worse shape than any of us could imagine. On the pessimistic side, Ponemon feels that business and government will not be able to keep up with the “sophisticated methods” of the crooks, as they begin to focus their attention on the databases that house all this private information. And just from my experience as a junk mail data broker, there are thousands of them out there. Another threat is the resurrection of the Storm Worm virus, a malicious program that spreads through computers without any help or detection. More on this next week.