Protect consumer data.Byline: The Register-Guard If you're like most Americans, you've read occasional horror stories horror story Story intended to elicit a strong feeling of fear. Such tales are of ancient origin and form a substantial part of folk literature. They may feature supernatural elements such as ghosts, witches, or vampires or address more realistic psychological fears. about identity theft, shaken your head over the plight of victims and then moved on with your life, reasonably confident that hackers and thieves List of Thieves. Famous
A series of recent information mega-heists, culminating in last week's disclosure that data on 40 million credit card accounts nationwide were stolen from the computers of an Atlanta data-processing firm, has served as a wake-up call. Here in Lane County, banks and credit unions scrambled scram·ble v. scram·bled, scram·bling, scram·bles v.intr. 1. To move or climb hurriedly, especially on the hands and knees. 2. to notify thousands of customers that they were potential victims of identity theft and fraud. Suddenly, the issue of data security is no longer the sole province of guys wearing nerd glasses and pocket protectors A pocket protector is a sheath designed to hold writing instruments and other small implements, such as slide rules, while preventing them from damaging the wearer's shirt (e.g., by tearing or staining by a leaky pen). . Politicians and businesses are now painfully aware that a smoothly functioning information economy requires protecting information from theft. Data theft is becoming appallingly routine. The Federal Trade Commission estimates it accounted for $50 billion in losses last year. So far this year, 50 million Americans have had their credit card numbers, Social Security information, health records and other personal information exposed to potential theft. Given the potentially devastating dev·as·tate tr.v. dev·as·tat·ed, dev·as·tat·ing, dev·as·tates 1. To lay waste; destroy. 2. To overwhelm; confound; stun: was devastated by the rude remark. loss of consumer trust, one would think businesses would have done a better job of putting safeguards in place. But their sloppiness and vulnerability seem to know no bounds. Last week's announcement by CardSystems Solutions CardSystems Solutions is a credit card processing company. In June 2005, the fact that 40 million credit cards had been stolen from CardSystems was discovered. This led to the discoveries that CardSystems had been keeping data that it was contractually obligated to delete, and that , a company that handles more than $15 billion in annual credit card transactions, that thieves had hacked Modified. Attacked. Having code altered. See hack and hacker. their way into a database on 40 million cardholders was bad enough. Worse still was the company's acknowledgement that the information should not even have been stored on its files. Earlier this month, Citigroup announced that it had lost unencrypted computer tapes containing sensitive information on nearly 4 million of the financial giant's current and former customers. So much for self-regulation. It's time It's Time was a successful political campaign run by the Australian Labor Party (ALP) under Gough Whitlam at the 1972 election in Australia. Campaigning on the perceived need for change after 23 years of conservative (Liberal Party of Australia) government, Labor put forward a for Congress to take data theft seriously and pass legislation protecting consumers and cracking down on companies that fail to secure information. So far, lawmakers have been content to let individual states take the lead. But that approach must change - identity theft is national, not a state or regional problem. But Congress can learn from states that already have acted. California, for example, has passed a law requiring companies to notify customers affected by data breaches. That's a good start, but even tougher tactics are needed. Federal legislation should include requirements for data encryption data encryption, the process of scrambling stored or transmitted information so that it is unintelligible until it is unscrambled by the intended recipient. Historically, data encryption has been used primarily to protect diplomatic and military secrets from foreign and Federal Trade Commission oversight. Lawmakers should also follow the European Union's example by requiring companies to regularly assess and report on data protection practices. It's too late for Congress to protect consumers whose data already have fallen into the wrong hands. But it's not too late to protect the rest and to require that businesses do a better job of safeguarding the information Americans have entrusted them to handle. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion