Search This Blog

Thursday, April 24, 2008


There is a site, darkReading, you may or may not have heard of. They say they aren’t licensed therapists, but that they do “deal with an astonishing variety of insecurity each day.” They are talking about the personal data kind that end up in breaches by business and government we hear about almost on a daily basis. In a recent darkReading, they use the headline for a article, “2008 Could Be Record Year for Breaches,” that reveals the latest results from the Identity Theft Resource Center; the fact that in the first three months of 2008, there have been 167 incidents of compromised data, twice the first quarter of 2007.

What worries me most is that I have been predicting for the last year that 2008 will be a record year for identity theft victims, due primarily to the fact that much of the free credit monitoring offered by “breachers” will expire in 2008, leaving the ID thieves open to use the private information they have stolen. If this year will set a new record for breaches, what will the number of victims look like in 2009? Fortunately, many of the companies responsible for losing your sensitive data are now offering two years of free credit monitoring, so, if you do become a victim, demand it.

ITRC also reports that those receiving letters of notification indicating their private information has been exposed have been “given incorrect directions or not enough information,” on what to do. The combination of having your personal data breached, along with the fact that the business responsible doesn’t really know how to help you, has shaken the confidence of the American consumer to the point where they are legitimately refusing to give up any private information. See my earlier post on Safeway.

In another darkReading piece, 31 percent of customers who have become breach victims stopped doing business with the company; 55 percent were notified twice in two years; 8 percent four times or more. These are figures provided by a new study from the Ponemon Institute.

On March 7, of this year I did a post on what we might expect in 2008: “One More Outlook for Data Loss Prevention in 2008.” What it flatly says is that we cannot protect our names and personal data with the means that we have today. That includes both the business or government agency collecting the data, as well as the individual from whom the data is sourced.

Consumers have lost control over their names and private information at a time when the outward appearance is that data collectors do not know how to protect what they collect but continue to collect it, nevertheless, at an alarming rate One of the primary reasons to expect record breaches in 2008. This opinion, shared by many privacy activists, stems in part from a recent statement from a VP of Marketing and Security working at a database security company: "People are saying 'let's step back and realize our data is under siege, what's of value that we need to protect and where is it?'" We’ve waited until now to do this?

If you want to see the number of victims from identity theft drop drastically in 2008, leading eventually to a zero factor, we need to give consumers control over their names and personal data, and compensate them when it is sold to provide incentive to assume this responsibility. Otherwise, I can’t imagine where the ID crisis will have risen to in 2010.

No comments: