IPcentral Weblog
  The DACA Blog

Thursday, January 12, 2006

Breach Notification - It Is Never Pretty
(previous | next)

The start of the New Year brought consumers in Illinois, Louisiana and New Jersey new laws on data security. Specifically, each law details the steps that must be taken if there is a breach of a firm's management system for personal information about their consumers. I've lost count, but there are now about two dozen states with their own statutory provisions regarding breach notification.

Perhaps that is what prompted a Connecticut-based bank to announce yesterday that it lost records on 90,000 customers. This in itself is a problem. Surely some of the 90,000 consumers will be unhappy with information about them floating around somewhere between Bridgeport and the credit bureau it was destined for in Woodlyn, Pennsylvania. Other banking customers will be unhappy with the effects that will result from the major expense and hassle associated with the mishap. As the bank undertakes considerable expense to remediate the situation, profits (loss to shareholders) may fall and fees on services may rise.

What is striking is the measure to which this problem is not a digital or technological problem.

Why? The records were lost in transit - via UPS. A hacker gaining access to proprietary bank computers? Nope. A crew of decentralized anarchists hoping to bring down an industry leader? Nope. An evil genius employee who stole secret access codes from the bank's data management vendor? Nope. As far as we know, this is simply a case of a lost package.

Records are an important asset for a business dealing in financial assets. However, security is not a new problem for banks. From the stolid architectural designs of yesterday’s downtown "main branch" to the most advanced electronic scanners and cameras used today, banks have always cared about security. Less so as a matter of degree, other types of firms that also collect and manage personal information about consumers have a stake in protecting data as well. Let's hope that in the 2006 policy discussions about breach, data security and notification mandates don't overemphasize the digital aspect of storage and transport. Data security - as evidenced yesterday in Connecticut - is a much broader issue.

posted by @ 3:42 PM | Privacy

Share |

Link to this Entry | Printer-Friendly

Post a Comment:

Blog Main
RSS Feed  
Recent Posts
  EFF-PFF Amicus Brief in Schwarzenegger v. EMA Supreme Court Videogame Violence Case
New OECD Study Finds That Improved IPR Protections Benefit Developing Countries
Hubris, Cowardice, File-sharing, and TechDirt
iPhones, DRM, and Doom-Mongers
"Rogue Archivist" Carl Malamud On How to Fix Gov2.0
Coping with Information Overload: Thoughts on Hamlet's BlackBerry by William Powers
How Many Times Has Michael "Dr. Doom" Copps Forecast an Internet Apocalypse?
Google / Verizon Proposal May Be Important Compromise, But Regulatory Trajectory Concerns Many
Two Schools of Internet Pessimism
GAO: Wireless Prices Plummeting; Public Knowledge: We Must Regulate!
Archives by Month
  September 2010
August 2010
July 2010
June 2010
  - (see all)
Archives by Topic
  - A La Carte
- Add category
- Advertising & Marketing
- Antitrust & Competition Policy
- Appleplectics
- Books & Book Reviews
- Broadband
- Cable
- Campaign Finance Law
- Capitalism
- Capitol Hill
- China
- Commons
- Communications
- Copyright
- Cutting the Video Cord
- Cyber-Security
- Digital Americas
- Digital Europe
- Digital Europe 2006
- Digital TV
- E-commerce
- e-Government & Transparency
- Economics
- Education
- Electricity
- Energy
- Events
- Exaflood
- Free Speech
- Gambling
- General
- Generic Rant
- Global Innovation
- Googlephobia
- Googlephobia
- Human Capital
- Innovation
- Intermediary Deputization & Section 230
- Internet
- Internet Governance
- Internet TV
- Interoperability
- IP
- Local Franchising
- Mass Media
- Media Regulation
- Monetary Policy
- Municipal Ownership
- Net Neutrality
- Neutrality
- Non-PFF Podcasts
- Ongoing Series
- Online Safety & Parental Controls
- Open Source
- PFF Podcasts
- Philosophy / Cyber-Libertarianism
- Privacy
- Privacy Solutions
- Regulation
- Search
- Security
- Software
- Space
- Spectrum
- Sports
- State Policy
- Supreme Court
- Taxes
- The FCC
- The FTC
- The News Frontier
- Think Tanks
- Trade
- Trademark
- Universal Service
- Video Games & Virtual Worlds
- VoIP
- What We're Reading
- Wireless
- Wireline
Archives by Author
PFF Blogosphere Archives
We welcome comments by email - look for a link to the author's email address in the byline of each post. Please let us know if we may publish your remarks.

The Progress & Freedom Foundation