Personal Data Loss Regulations?
A law firm is asking what we’d like to see in draft legislation about identity theft.
The basis is that companies aren’t doing enough to help victims after their data is lost/stolen/compromised.
Here are a few of my suggestions:
1. Stop storing information you don’t need. If you don’t automatically bill my credit card number, don’t store it.
2. Encrypt all that data you DO store. There’s no reason my SSN should ever be stored in plain text anywhere.
3. Stop storing my SSN on laptops. If you’re a US veteran, there are probably 2-3000 laptops out there with all of your personal information on them. Laptops are easily lost or stolen and there’s no reason anybody needs to take my information home with them every night.
4. Make massive fines for data loss. I’m talking a 2nd occurrence should cause any company (including even a Google or Microsoft) to go bankrupt. There’s no reason for a first occurrence to even happen but without stiff penalties companies just don’t care.
5. Require companies to send letters in the mail to anybody whose data may have been compromised and to offer free credit monitoring for 1 year to all those possibly affected.
I myself have had my SSN and personal information stolen from an advertising company I once used (RMX Direct), and it can be a scary process. Sadly, there’s really nothing you can do once it’s happened. Cops don’t prosecute, nobody looks into it or helps you – you’re on your own.
What’s your take?
April 23rd, 2007