Data Theft and Corporate Irresponsibility?
cjsnell asks: "Today, I received a letter from a student loan provider notifying me that my name and social security number had been stolen along with a contractor's computer. This makes -four- agencies that have lost my personal information, in the last year. Today's letter was the most disappointing yet: the company, Texas Guaranteed, did not offer any credit report monitoring like the previous three had. Their advice? Send a letter to the credit bureaus. Gee, thanks. Clearly, mass identity theft is completely out of hand and there doesn't seem to be any government regulation for handling these situations, nor does there seem to be any punitive action against businesses that lose customers' data. Do we, as consumers, have any recourse against these businesses?"
Recourse (Score:4, Funny)
Hi, my name is Lizzy Fair (Score:5, Funny)
I'm appalled by all the anticapitalist rhetoric that is being spewed on Slashdot regarding the corporate use of your personal information and the occasional leak of your SSN into the wrong hands.
You people talk like you want absolute ownership over your personal information. Like you want a corporation - an entity that only exists for the purpose of maximizing net profit - to take responsibility for handling your personal information. Then you'll be holding them liable for mishandling your info. Do you realize what damage this will do to corporate profits?
That utterly reeks of communism. What's next? Treating your personal information as your own property to be handled on your terms and not theirs? Heck, if we follow that line of reasoning, the Government will have to intrude even further into our lives and implement a law to treat personal information brokers like Choicepoint and Unicru as potential data pirates. I can see it now: the Digital Millennium Privacy Act.
Corporations made America, and now you pink commies are about to create a kleptocracy in the name of your overzealous attack on public access to personal information. Sheesh.
[...end Right wing parody]
Re:Recourse (Score:5, Informative)
Senator Specter,
I am writing to voice my concern over the lack of control many corporations have over my personal information - and just as importantly, the lack of recourse I have as a citizen should those corporations abuse my information. Over the course of the past 60 days, I've received 4 notices that a given corporation - two of which I don't even do business with, nor have I ever - have had my personal information compromised. Two of them were kind enough to provide suggestions as to what steps I should take to monitor this, one of them simply stated that they'd allowed my information to be compromised, and the final one actually sent me an empty envelope. I contacted them based on their return address to make an inquiry, and obtained confirmation that that too had compromised my information.
All this within a two-month period. And these are the ones that have voluntarily divulged that my information has been compromised - I'm assuming there have been other incidents that have not been disclosed.
It's absurdly obvious to me that, at minimum, there needs to be minimum standards of data protection, and recourse for the individual in the event that one suffers personal loss as a result of a corporation not adhering to those minimum standards of protection. In the day of high speed data transmission and very powerful encryption techniques, it's ludicrous that they are transporting these types of sensitive information around on unencrypted computers and on non-secured servers or portable drives.
I do not want to wait until something detrimental occurs to me before I take action. Identity theft has become so commonplace that it's become background noise, and we as a society have accepted it as a part of life in the modern world - this cannot be the solution. Until there are ramifications for corporations that mistreat personal data that results in personal harm, there is no incentive for them to alter their behavior.
I certainly do not have the answer, nor would I presume to tell you what should be done to rectify this. I would, however, ask that you expend some resources to find and implement a solution to the issue. I am quite confident that were the tables turned, and I were to disclose damaging information that affected the fiscal health of those companies, that the repercussions I would face as a result from them would be quite serious.
Thank you for your time.
Regards,
Re:Recourse (Score:5, Insightful)
If the bank stores all their customers' cash in cardboard boxes behind the building, then yes, prosecuting the bank would be in order.
Also, your rhetorical question is wrong. The robber will be prosecuted in any case (for robbery), even if the bank is prosecuted for gross negligence.
Re:Recourse (Score:4, Insightful)
This particular case is more like you depositing a copy of your house key with your neighbour (in case you should lose yours), and that KEY gets stolen. Your neighbour might tell you that the key is gone - and worse yet, that the key actually has a tag with your name and address attached to it. So, until you can go and change your locks, your home is basically compromised and it takes a lot of effort keeping it safe, until the locks are replaced.
With the stolen social security numbers, you can't switch your social security number easily, if at all? Is it possible at all to apply for a new social sec no in the US moving your data to the new one, but invalidating the old one?
In the example with your key getting stolen from a neighbour's property; of course, it's not really the neighbour's fault, if someone breaks into his house.
BUT - the neighbour might be liable, if gross negligence aided losing the key in the first place (i.e. putting up a sign with an arrow pointing to the key with all the data as to whose key it is, right outside on the front lawn - without any protective measure).
If an agency hands over your data to an outside contractor - they HAVE to put safeguards in place (check out the contractor's background/reputation, and *his* security measures), because they are handing away data that you *entrusted* to them. Just handing out blanket data, without properly protecting it (really good encryption, at the least, with the key being nowhere near the laptop during transport), is them breaking your trust.
And THAT is something that might make them very well liable for what happens.
(Needless to say - even those that will pay for free credit checks for a year, what's that to say, at all? THEY broke your trust by not safeguarding the data, and while they pay for the checks (for a limited time), they are not paying for your time following up the checks and/or the hassle in case something happens.)
Re:Recourse (Score:3, Informative)
If you leave the car unlocked and the key in the ignition, then you should be held liable for any damage caused by the car, no matter who's driving it. A car is a dangerous object, so the owner is responsible for taking at least some basic measures to prevent unauthorized operation of the vehicle.
Oh, you're laughing ? That's the way it is here. We also have data protection laws that would get companies who keep unnecessary r
Re:Recourse (Score:3, Insightful)
Fsck that. Pure and simple. Keep the thing locked and the key under your control, that's what it's for.
Garages are much easier to break into than starting a car without the key (the latter can be fairly easy, but requires a modest amount of technical knowledge instead of just a crowbar or a sledgehammer). And once the engine is running, getting out of the garage is not a big problem (there's enough salvageable parts on the car even after it breaks through the gate or th
Re:Recourse (Score:4, Funny)
It must be wonderful to live in a place where you can feel that secure... I remember it wasn't too long ago that in my town, we didn't have to lock our doors, take our keys out of the car. I wanna live where you do.
So, kindly tell me where you live. Please be specific. Google Maps link if possible. What kinda car do you drive?
Re:You get the feeling... (Score:3, Funny)
Simple... (Score:5, Funny)
Re:Simple... (Score:5, Funny)
Just Email me with your Name, Address, Social Security number, and Credit Card information and I'll take care of it all.
Re:Simple... (Score:3, Funny)
Re:Simple... (Score:5, Funny)
They stole my identity, not my stapler.
Re:Simple... (Score:4, Insightful)
Nope.
If you choose to live in a country where the government is pro-corporation instead of pro-people, you've got to accept that you're powerless. If you don't like the heat, get out of the kitchen -- or do something about the chef :-)
Re:Simple... (Score:3, Insightful)
What I don't understand is why people spend unlimited time negotiating with companies they have no legitimate association with. If a company is reporting that I owe t
the less information collected the better (Score:5, Interesting)
Yep... (Score:5, Interesting)
You *can* do it, but it can also be a hassle, since you have to educate people (especially health care people, who seem to be clueless as a whole).
Health Care (Score:3, Interesting)
My data has been lost 3 times in as many years...all by the wonderful work of healthcare related companies. Seriously...how hard is it. Just don't lose it. Better yet...don't store it in the first place.
I've had to put watches on 'my accounts' with the credit reporting agencies myself for each one too. You know how irritating it is that I have to take a couple of hours out of my day to fix some other nimrod's stupidity induced problem? Makes me want to
Re:Yep... (Score:3, Informative)
Re:Yep... (Score:3, Interesting)
It's the Golden Rule in operation. He who has the gold makes the rules.
Not that I'm pro-information-abuse.
--Rob
When a hospital asks for your SSN... (Score:4, Interesting)
Re:the less information collected the better (Score:3, Insightful)
And, in general, you need their services more than they need your business. And it's not like you can count on competition to solve the problem: they're all like this, and it's likely there's a "gentleman's agreement" in place to keep things as they are. After all, nobody (except the customer) really benefits if someone steps up to the plate with a smaller information requi
Completely out of hand (Score:4, Insightful)
Re:Completely out of hand (Score:5, Insightful)
We've evolved our own Big Brother via capitalism.
Somewhere, Karl Marx and George Orwell are sharing a laugh from beyond the grave.
Re:Completely out of hand (Score:5, Insightful)
Data Protection Act? (Score:3, Insightful)
Briefly, this states that data must be:
* fairly and lawfully processed;
* processed for limited purposes;
* adequate, relevant and not excessive;
* accurate and up to date;
* not kept longer than necessary;
* processed in accordance with the individual's rights;
Re:Completely out of hand (Score:3, Insightful)
You can keep them from getting any of your information right now if you don't t
Re:Way too much power (Score:3, Informative)
Insurance isn't so much about punishing you for bad behavior as it is about trying to price itself based on what you're likely to do during the policy term. There's a lot of research that has shown this to be overwhelmingly a sound practice. From Insurance Information Institute [iii.org]:
starting over (Score:5, Insightful)
Re:starting over (Score:2)
Re:starting over (Score:2)
Liability, liability, liability (Score:5, Interesting)
1) Create and enforce real liability for loss of personal data. After that it may make sense to introduce "safe harbor" general privacy regulation (unlike domain-specific regulation like HIPAA) where if you comply with the regs, you get relief from liability in the event of a genuine mistake or contingency.
2) Create and enforce real responsibility of credit providers and credit bureaus. Allow consumers to immediately suspend any line of credit, and require true checks before issuing credit (no more instant credit). No more endless paper battles to get credit ratings fixed, charges rescinded, etc. [These previous two were cribbed from Kevin Drum at WashingtonMonthly.com. He expounds on this subject quite regularly]. Liability for failing to properly check that credit is properly issued or used, which is supposed to be the reason why vendors and buyers pay exorbitant credit card rates in the first place.
Get the liability in order and regulation will be the preferable alternative.
Re:Liability, liability, liability (Score:4, Insightful)
Re:Liability, liability, liability (Score:4, Interesting)
Easy. Just make libelous statements on a credit report... libel. You lost your earnest money because you couldn't get a home loan because you allegedly signed up for a credit card, maxed it out, and never repaid it? You get passed up for a job because a car purchased in your name got repossessed? You prove it, you sue the credit bureaus, you win treble damages.
Suddenly, credit bureaus would require a lot more proof before dinging your credit score, and they'd promptly correct their mistakes.
Re:Liability, liability, liability (Score:3, Insightful)
Who would benefit from such laws, who would have to spend more money.
Then ask.
Who gives money to politicians.
Then ask.
What percent of eligible voters voted last election.
By now I think you would get the point. It will never happen. Not till Americans are pissed off enough to vote. The only thing I can think of that would piss them off is the Super Bowl being cancelled or a blackout on American Idol or something. They don't care about anything else (except the fags getting married of course)
Pass it forward (Score:3, Funny)
I just got "the letter" too (Score:5, Informative)
Re:I just got "the letter" too (Score:5, Insightful)
Someone who never has the data to lose in the first place.
Re:I just got "the letter" too (Score:3, Interesting)
Precisely. How many of the organisations that collect personal data about you actually need all of that data to fulfill whatever relationship they have with you?
Re:I just got "the letter" too (Score:2)
I got mine from the VA [va.gov], too. The VA is not the Department of Defense [dod.gov], though.
-h-
Re:I just got "the letter" too (Score:5, Insightful)
That would be the most bitchin' thumb drive, wouldn't it? You could show it to all your friends and taunt them. I'd better not lose my keys or you're all screwed!
I can give you every SSN right now: (Score:3, Funny)
I agree (Score:3, Interesting)
People need to quit worrying about stuffing genies back into bottles and learn to adapt. Government, businesses, and credit agencies need to learn to adapt, as well.
Yes, you lazy schmucks, this means you actually have to read your bills and check your credit report occasionally.
Re:I just got "the letter" too (Score:3, Interesting)
Nice USB disk. Not to diminish your post, but let's do the math so people can see EXACTLY how much info would be there. 4 bytes (SSN) + 14 bytes (avg) for a name + null byte = 19 bytes each. 262 million US citizens * 19 bytes is 4.64GiB. If you keep the optimal binary format, and want to add DOB, add another 4 bytes per record for a total of 5.6GiB. First and last names are seldom unique in the US, so assume it could be compressed by 50% for a backup.
If it
Re:I just got "the letter" too (Score:5, Interesting)
Then again, hiring agencies like usajobs.gov want you to email your SSN as part of your application materials, and if you complain, they fire back some bullshit from their privacy policy...this is what they told me:
* emphasis mine to illustrate the absurdity
I never once argued about whether they could or should be asking for. I was only asking for alternative methods besides frickin e-mail on how to provide it.
Even more fun: (Score:2)
Japan has a strong law (Score:3, Informative)
I think Ice Cube said it best (Score:2, Insightful)
Re:I think Ice Cube said it best (Score:5, Insightful)
Just like the Jefferson fiasco - FBI busts down a citizen's door, it's strong justice; bust down a Congresscritter's door and it's a CONSTITUTIONAL CRISIS!!!!omgwtfbbq
Re:I think Ice Cube said it best (Score:2)
BS. In 2000, Republican aides hacked into the Windows server shares of Democratic members of congress due to an error in how the share permissions were set up (aides from both sides were "administrators" and so were able to take ownership). Strategy memos were stolen and given to Republican congressional leadership.
*NOBODY* did a damn thing. Nobody was punished. Just "tough" politics.
These are our representatives. These a
Re:I think Ice Cube said it best (Score:2)
Just like the Jefferson fiasco - FBI busts down a citizen's door, it's strong justice; bust down a Congresscritter's door and it's a CONSTITUTIONAL CRISIS!!!!omgwtfbbq
Well, to be fair, it is somewhat disconcerting to see the Executive Branch (FBI) busting down the door of the legislature (Congress) because of the implications on the balance of powers. An overly strong executive branch can be a scary thing.
Re:I think Ice Cube said it best (Score:3)
And who exactly is supposed to be policing congress anyway? This really isn't about separation of powers in the end. Think about it. All law enforcement comes down from the Executive Branch, so who is supposed to police congress?
Put another way. Who is in charge
Re:I think Ice Cube said it best (Score:3)
They had a warrant.
So it was the Executive plus the Judiciary taking on the Legislative.
That's exactly how it's supposed to work.
Not the best solution, but... (Score:5, Funny)
There's always the solution from Fight Club. [imdb.com]
Oops. I'm not supposed to talk about that. Forget I said anything, will ya?
Re:Not the best solution, but... (Score:2)
I can't believe you broke both those rules. You can have your name back.
Re:Not the best solution, but... (Score:2)
Class Action Lawsuit would work. (Score:3, Funny)
Me too (twice even)! (Score:5, Interesting)
Anyway to answer your question: IMO (and IANAL), the court would not force the 3rd party whose information was stolen to compensate your ID theft protection service, should you take it to a small claims court. However, if your credit record was destroyed as a result, I think you would have a better chance at winning some financial compensation for your case. So the best short-term answer I guess would be: put ID fraud alert on ASAP and unless you have spare time and a thirst for absolute justice, don't take it to court (although you could ask them nicely to compensate you, at least partially if not fully).
The long-term solution here people, is to get a god damn law passed. This is absolutely ridiculous how much this occurs, and it's usually because of poor/inadequate/incompetent security on the fault of the 3rd party containing the info. I am actually very interested in proposing such a bill to our legislative branch, but I'm an engineer and a grad student, and I have little time to spare right now. If someone is interested in moving this forward, let me know about it because I would like to do what I can to be involved. I believe such a bill should cover:
1. The circumstances under which a company/school/whatever may contain your personal information
2. The length of time under which they may retain that information (with mandatory and permanent removal after a given period of time)
3. A definition of the minimum necessary security measures a party must take when retaining another's personal information
4. Explicitly stating to the person when they will retain their information, for how long, and what security measures they will take to protect it
5. In the case of theft, if parts 1-4 are not satisfied, the party owes full monetary compensation for providing ID theft protection, and also granting the person the right to choose what ID protection service and what level of protection they want
6. In the case of theft, if parts 1-4 are satisfied, the party owes a minimal monetary compensation for ID theft protection that meets certain stated requirements.
How's that for a start?
Re:Me too (twice even)! (Score:4, Informative)
7. In the case of theft, any and all persons that may have had their information stolen in the theft must be informed within a 48 hour period upon discovery of the theft. No party may withhold or keep secret the theft any longer, or they are subject to further financial obligation to the victims.
Of course "48 hours" is something I pulled out on a whim right now, and "all persons that may be affected" can be intentionally misinterpreted by a party. In reality, if one person's information was stolen, there is a non-zero chance that everyone else had the possibility of having that information stolen.
Re:Me too (twice even)! (Score:3, Insightful)
It's a great start. All you're missing is about a billion dollars or so in cold, hard cash. That being roughly the amount of money you'd need to toss around Capitol Hill in order to buy enough politicians to ever have a shot at passing something when every financial institution, insurance company, and data-mining outfit in the country would be fighting it tooth-and-nail.
Come to think of it, I doubt a billion bucks would be enough.
I think this is going to be another area where the corp
Re:Me too (twice even)! (Score:3, Insightful)
Re:Me too (twice even)! (Score:4, Interesting)
A while back when it first came out that you could call up certain companies and for less than $100 get basically anyone's cell phone records, I remember that somebody did it to the Canadian Privacy Minister (or someone to that effect, I forget their actual title) and mailed the results to them.
Short of actually tossing tons of money at them, that's probably one of the more effective means of influencing politicians on privacy issues: make them care by putting their privacy into question along with everyone else's.
I wouldn't ever advocate anything illegal per se, but a lot of good could potentially come from a massive data theft of every member of Congress' credit histories and banking records (besides just finding out who's really on the take).
Re:Me too (twice even)! (Score:2)
So how
Don't be so quick to give it up (Score:3, Insightful)
--
http://wi-fizzle.com [wi-fizzle.com]
Sue them (Score:3, Informative)
Sue the credit reporting agencies for libel (Score:2, Insightful)
Re:Sue them (Score:2)
Look; Go after the company for negligence.
Their "cyberliability" insurance would probably cover that. The end result is their premium goes up. At what point does the expense of insurance outweigh taking the proper safeguards to protect consumer data in the first place? Either the protection (insurance) needs to cost a whole lot more or the punishment for negligence more severe. Perhaps if we start with the latter by declaring the proper criminal repercussions we'll end up with higher (hopefully, much so
But they got A's... (Score:2, Interesting)
I would have given them an F for Losing the F'ing Data in the First Place. But what do I know.
The problem is outsourcing. And it doesn't matter to whom or where you outsource. Now Texas Guaranteed can say, "We followed our procedures, it's not our fault." I work with a couple people who want to outsource almost every function. Why, because you have someone else to blame when there
You can place a fraud alert on your credit report (Score:5, Informative)
The easiest way to put an alert is to use the online form at Experian; alternately, you can call any of the credit reporting agencies to also set up an alert, if you want to do it by phone, instead.
The direct link for the Experian site to do this is:
https://www.experian.com/consumer/cac/InvalidateS
More advice available here for identity theft victims:
http://www.consumer.gov/idtheft/con_steps.htm [consumer.gov]
Hopefully, you will not need it.
-- Terry
Re:You can place a fraud alert on your credit repo (Score:3, Insightful)
Cheers,
-b
It's up to him to set the fraud alert because... (Score:2)
-- Terry
What I've done (Score:5, Insightful)
Instead I've gone on the defensive and assumed that my identity is already compromised. I coughed up $130 for 3 in 1 credit monitoring services (one of the big three credit bureaus has a two for one going if you call them. got a spouse?). I also keep close tabs on my credit and debit card activities, which doesn't require all that much effort since I cancelled all but 2 credit cards and my debit card. It means some money and time spent up front, but it's not too intrusive and it gives me a reasonable degree of confidence.
As long as we maintain some degree of privacy, identity theft is here for the foreseeable future. I'm not saying don't hold companies responsible. I am saying realize that many companies in control of your information will be irresponsible regardless of what they can be held accountable for and that it's a good idea to take some personal responsibility for protecting yourself.
Re:What I've done (Score:2)
Use the lawyers against these guys instead. Go for a class-action lawsuit against the bureaus, the credit issuer, and anybody that leaked data. The problem won't be solved until the c
IT Information Security (Score:2, Insightful)
Not to say t
class action lawsuit (Score:4, Insightful)
Recourse? (Score:3, Insightful)
I've been hit three times myself in the last 4 months. What am I supposed to do, sue three $50B corporations?
Oh, and don't believe the neanderthals that tell you the free market lets you "vote with your business" -- not when everyone seems to be involved.
Identity Theft Protection Act bill in the Senate (Score:3, Interesting)
One is dated July 14th 2005, while the second version is dated December 8th 2005. Get off your ass and call up your senator and tell them that you feel this bill should be passed into law to protect you as either a former victim, or possible future victim. Cite some recent examples of identity theft from the news. Tell them that this is more important to you as a citizen that they are supposed to represent, compared to whatever other "important agenda" they are talking about right now in the Senate (gay marriage, starting MORE wars with countries in the name of "freedom", etc). Don't just whine and complain because no one is going to want to listen to you. Instead, push and shove so that they will be forced to do something about it!
(Cue Braveheart moment) - FFFFFRRRRREEEEEEEDDDDDDOOOOOOMMMMMM!!!!!
Oh yeah, and don't forget to buy LOTS of stock in identity theft protection companies! Citizens will win, and irresponsible parties will lose!
Not just businesses (Score:2)
Not only have two (or three? I lose track) different businesses lost my information, but I just got a letter from the Veteran's Administration that military records of tens of thousands of former servicemen and women, including me, have been lost. They were found again, and the VA doesn't *think* that the data was ever in malicious hands, but they can't really be sure.
Who can keep my records safe? No one. The only reasonable answer is that organizations, public or private, should simply not keep any i
Re: Not just businesses (Score:2)
Which suggests working on a back-end solution as well. Half the problem is that people can get your identity info too easily; the other half is that it's too easy for them to exploit it.
I saw a news story about some people who had their houses sold out from under them by identity crooks. It's preposterous that that could happen, no matter how much info about you someone has.
You should be able to sue but probably not. (Score:2)
One of my proposals.
Section 1: No sensitive information is to be stored on a Lapt
It's not your data, bub. (Score:3, Insightful)
Would this be a good time to put in a plug for a constitutional amendment that extends personal property rights to personal data?
Re:It's not your data, bub. (Score:2, Informative)
Privations (Score:2)
Nothing will change (Score:2)
Welcome to America.
Credit freeze under fire (Score:5, Informative)
Credit Freeze Under Fire [sfgate.com]
'The so-called Financial Data Protection Act of 2006 (HR3997) would also weaken state laws requiring disclosure of security breaches. In California, businesses must notify people if their personal info "was, or is reasonably believed to have been, acquired by an unauthorized person."
'Under the proposed federal legislation, such disclosure would have to be made only if a company determines that a security breach "is reasonably likely to result in harm or inconvenience" to individual consumers.
'"Basically, the company would have to know that you're a victim of identity theft before it needs to tell you that you could be a victim of identity theft," said Ed Mierzwinski, director of the U.S. Public Interest Group's consumer program in Washington.'
Re:Credit freeze under fire (Score:3, Interesting)
Another critic of that proposed law is Consumer advocate Clark Howard. His article is here:
Contact your reps over credit freezes [clarkhoward.com]
According to his article, 23 states now have credit freeze protection laws. The proposed law in congress would essentially invalidate all of these state laws. After reading both the article you mention and his, it sounds to me like congressmen LaTourette and others are more concerned about the wishes of large financial institutions than protecting average consumers. The a
Government/Corporate Personal Information (Score:2)
Nothing will change until the "important" people get their personal information outed -- and on a regular basis.
The government (Congress, President) don't really care about folks like the veterans beyond paying lip service to the data thefts.
Now if we'd see where all the personal information of people in the Executive and Legislative branches was stolen and published we might see some action.
I'm surprised nobody regularly publishes the information of the upper management teams of the major credit r
Best solution is... (Score:5, Insightful)
That's right, cat's out of the bag. Can of worms has been opened. Too late.
Ban use of Social Security Number as an identifier, except for Social Security, like it was supposed to be in the first place.
Each business entity must use their OWN issued numbers.
Wide-reaching Identity Theft Containment problem limited to just the affected business.
Now, it is time to look into three-way public keys to ensure that consumer data is not misused:
1. Merchant/Business/Corporation
2. End-user/User/
3. Arbitrator/Government
With keys signed by each other in 3-ways, secured identification and security of data compartmentalization has been greatly enhanced.
Each and every transaction is signed, sealed and delivered by all 3 parties.
Now, let's get an infrastructure going on this...
Even Bruce Schneier [schneier.com] agrees to this.
Re:Best solution is... (Score:3, Insightful)
It's not really the use as a password that's the problem. It's that organizations use it as a freaking password!
While Spafford has demonstrated that regular password changes add nothing to security, to use a fixed irrevocable number as a password is beyond stupidity. You have to be able to tell the world, "my password has been compromised, please re-authenticate."
Most companies use your name as an identifier, even though it's non-unique. They'l
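The containment and revocation points made in the two comments above (each business issuing its own numbers, and a compromised secret being replaceable) can be compared side by side. This is an added example, not part of the original thread; the class names, the lender/hospital scenario and the placeholder SSN are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets


class SsnKeyedBusiness:
    """Weak pattern: one shared, fixed number is both identifier and proof."""

    def __init__(self):
        self.customers = {}  # ssn -> customer name

    def enroll(self, ssn, name):
        self.customers[ssn] = name

    def authenticate(self, ssn):
        # Knowing the number is treated as being the person.
        return ssn in self.customers


class OwnNumberBusiness:
    """Each business issues its own account number and a revocable secret."""

    def __init__(self):
        self.accounts = {}  # account_no -> (salt, derived credential hash)

    @staticmethod
    def _derive(salt, credential):
        return hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, 100_000)

    def _issue_credential(self, account_no):
        credential = secrets.token_urlsafe(16)
        salt = secrets.token_bytes(16)
        self.accounts[account_no] = (salt, self._derive(salt, credential))
        return credential

    def enroll(self):
        account_no = secrets.token_hex(8)  # random, meaningless elsewhere
        return account_no, self._issue_credential(account_no)

    def authenticate(self, account_no, credential):
        record = self.accounts.get(account_no)
        if record is None:
            return False
        salt, expected = record
        return hmac.compare_digest(expected, self._derive(salt, credential))

    def revoke_and_reissue(self, account_no):
        # The old secret stops working the moment a new one is stored.
        if account_no not in self.accounts:
            raise KeyError("unknown account")
        return self._issue_credential(account_no)


def simulate_breach():
    """Replay the same data loss against both schemes and record the outcome."""
    results = {}

    # Scheme 1: lender and hospital both key on the same SSN.
    ssn = "000-00-0000"  # constructed placeholder, not a real SSN
    lender, hospital = SsnKeyedBusiness(), SsnKeyedBusiness()
    lender.enroll(ssn, "Sample Customer")
    hospital.enroll(ssn, "Sample Customer")
    stolen_ssn = ssn  # the lender's copy of the record is lost
    results["ssn_works_at_other_business"] = hospital.authenticate(stolen_ssn)

    # Scheme 2: each business issues its own number and secret.
    lender, hospital = OwnNumberBusiness(), OwnNumberBusiness()
    lender_no, lender_secret = lender.enroll()
    hospital.enroll()
    # Worst case: the lender's number and the plaintext secret both leak.
    stolen_no, stolen_secret = lender_no, lender_secret
    results["own_number_works_at_other_business"] = hospital.authenticate(
        stolen_no, stolen_secret)
    results["stolen_secret_works_before_revocation"] = lender.authenticate(
        stolen_no, stolen_secret)

    # The customer reports the loss; the lender revokes and reissues.
    new_secret = lender.revoke_and_reissue(lender_no)
    results["stolen_secret_works_after_revocation"] = lender.authenticate(
        stolen_no, stolen_secret)
    results["owner_works_after_revocation"] = lender.authenticate(
        lender_no, new_secret)
    return results


if __name__ == "__main__":
    for check, outcome in simulate_breach().items():
        print(f"{check}: {outcome}")
```

The SSN scheme has no equivalent of `revoke_and_reissue`, which is why one lost record stays usable at every business that keys on the same number.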
Credit Card companies make money on fraud! (Score:4, Insightful)
http://www.smithfam.com/news2/july02a.html [smithfam.com] ;-)
http://www.answers.com/topic/credit-card-fraud [answers.com]
One of the two (answers/wikipedia) plagiarized the other.
http://en.wikipedia.org/wiki/Credit_card_fraud [wikipedia.org]
Make the credit card companies take responsibility. Make it them that has to pay for fraud and the situation will remedy itself overnight!
How did we get here? SSN as private information? (Score:4, Interesting)
I don't hate the stupid companies who lose SSN numbers, instead, I'm bothered on how we as a country got into this mess in the first place.
I helped my parents this last week with a garage sale. During the sale, my mom noticed that an old table for sale had her SSN engraved in the wood! Why? Because back in the late '70s early '80s, the local police department told citizens to put a SSN on your assets in case they were stolen (Ironic, Eh?). She spent 20 minutes frantically trying to rub out her ID, she was visibly shaken.
OK, I understand the need to pass SSN/Taxpayer ID information between the Social Security Administration, IRS, Banks/Credit Unions, and your Employers.
The real problem is that there are so many other business segments who need to validate your identity, that they have piggybacked usage of the SSN as the de facto form of identity verification. This is the real segment that needs to change their behavior!
I mean, how hard is it to go into the local Car-Toys, order a bitchin' stereo on zero money down, and forge the credit application with a stolen SSN and other personal info? And the problem is not just limited to your SSN! Your credit card number(s) have the same problem. If you know the number, expiration date, and Security code on the card, that's all it takes for many purchases over the phone or internet.
The real problem in our modern society is identity verification. Anyone who has ever forgotten a password to a website (what is up with all the different password complexity rules?), everyone who has ever wondered if that waitress is taking so long because she is ordering a new dress from Victoria's Secret on your card, and everyone who wondered why their bank insists on a utility bill to verify your place of residence due to a clause in the "Patriot Act". You know what I'm talking about.
IMHO, what we really need in this country is not a credit score, but an identity score for identity(ies) that are independent from our SSN/Taxpayer ID (not government controlled, sorry). If I purchase a candy bar with a credit card, the level of identity verification required is low, if I purchase a new car with a loan, then I suspect the level of identity verification would be much higher! The credit score should be weighted against the integrity of the identity given too. If someone fills out a credit application with just a name, address, and SSN, then the chance for fraud is high, and the integrity of the information is low. If the person supplies a trusted smart card certificate, with a complex PIN, along with some other kind of biometric data, then the integrity is much higher.
<Sigh...>
WTF! (Score:3, Insightful)
Few things....
1. Treat the laptop like it's your own. Make sure it's always in a safe place. If you have to park in a shady area, take it with you.
2. If you absolutely MUST have data on the laptop, it should be corporate policy that the file is encrypted and passworded. The company needs to invest in security software. Maybe something that trashes the file once the password has been entered incorrectly more than 3 times.
Don't give it. (Score:3, Informative)
Make it illegal for them to ask.
FYI it isn't clearly illegal to ask for a SIN in Canada. But organizations can't collect information unless they have a legitimate reason to use it.
http://www.privcom.gc.ca/cf-dc/2001/cf-dc_011105_
http://laws.justice.gc.ca/en/p-8.6/258076.html [justice.gc.ca] see 4.4.1
That same law has a series on data protection, and your right to see the information they hold. A little vague, but I think the intent is clear. It would be interesting to see how many cases have proceeded.
I would like to see them add a notification requirement.
DO something when this happens to you. (Score:4, Interesting)
Re:Prepaid legal (Score:4, Insightful)
An MLM scheme will help me with my fears? Do they offer counseling to overcome these fears?
I got modded down last time...
No kidding. It's like all these free iPod sites -- you get modded down because you're just hoping people will join your MLM so that you can personally profit from their fears.
Re:Maybe... (Score:5, Informative)
Ernst & Young
Humana
AIG
Union Pacific Railroad
The State of Colorado
The State of Oregon
The State of Minnesota
Hotels.com
University of Miami
University of Kentucky
Miami University of Ohio
The YMCA
The Red Cross
The Department of Energy
The IRS
The Veterans Administration
The IRS
Re:Maybe... (Score:2)
I could certainly cope with the idea of not dealing with them...
"Get over it" and serve your masters (Score:4, Insightful)
Having no privacy isn't the problem in itself; the problem is other people exercising control over you with that information. Don't "get over it." Stand up to it.
SOX is about accounting (Score:3, Informative)
Re:Automatically Erase Data Base (Score:3, Insightful)
So ... a mechanism that relies on the stupidity of the thief? No thanks, even though it may work in some cases.
Encryption will do the job without requiring the thief to be phenomenally stupid.