Personal Data Theft: It's Outrageous
"Americans seem to be concerned, but not outraged, by news in recent weeks that two big data collectors sold detailed personal information on nearly 500,000 people to buyers who had absolutely no business getting it. Maybe this is because we've become inured to the supposed inevitability of our personal data being available to anyone who looks hard enough.
But it's time for some outrage -- and long past time for the legal system to hold the people who assemble this information without our knowledge or consent accountable for what happens to it.
Given the current state of nonregulation of this industry, it's something of a wonder that we even know of the breaches. That we do is only because the California legislature passed a law in 2003 requiring companies to notify affected individuals of security compromises in computerized databases.
BOGUS BUYERS. Being required to notify California residents, it was hard for data collectors ChoicePoint (CPS) and LexisNexis, a unit of Reed Elsevier (ENL), to hide the fact that they had improperly given out data on 145,000 and 310,000 individuals, respectively.
Executives for LexisNexis and ChoicePoint told Congress during hearings held by the Senate Judiciary Committee on Apr. 13-14 that they would support a national disclosure law as long it prevented individual states from imposing even tougher requirements. They also apologized for the difficulties the breaches may have caused consumers.
In considering what to do to protect this data, it's important to understand exactly what happened in these cases. There was no hacker attack and no breach of the technical security of databases, though both factors have figured in other data losses. ChoicePoint and LexisNexis are supposed to sell the data they collect only to qualified businesses or government agencies, but it turns out that they did a terrible job of assessing their customers' qualifications."
Full Article from Businessweek Online/MSNBC
But it's time for some outrage -- and long past time for the legal system to hold the people who assemble this information without our knowledge or consent accountable for what happens to it.
Given the current state of nonregulation of this industry, it's something of a wonder that we even know of the breaches. That we do is only because the California legislature passed a law in 2003 requiring companies to notify affected individuals of security compromises in computerized databases.
BOGUS BUYERS. Being required to notify California residents, it was hard for data collectors ChoicePoint (CPS) and LexisNexis, a unit of Reed Elsevier (ENL), to hide the fact that they had improperly given out data on 145,000 and 310,000 individuals, respectively.
Executives for LexisNexis and ChoicePoint told Congress during hearings held by the Senate Judiciary Committee on Apr. 13-14 that they would support a national disclosure law as long it prevented individual states from imposing even tougher requirements. They also apologized for the difficulties the breaches may have caused consumers.
In considering what to do to protect this data, it's important to understand exactly what happened in these cases. There was no hacker attack and no breach of the technical security of databases, though both factors have figured in other data losses. ChoicePoint and LexisNexis are supposed to sell the data they collect only to qualified businesses or government agencies, but it turns out that they did a terrible job of assessing their customers' qualifications."
Full Article from Businessweek Online/MSNBC
0 Comments:
Post a Comment
<< Home