Saturday, July 14, 2007

Recent privacy issue #2

This is from an AP report from July 3.
Fidelity National Information Services, a financial processing company, said Tuesday a worker at one of its subsidiaries stole 2.3 million consumer records containing credit card, bank account and other personal information.

The employee sold the information to an unidentified data broker. The broker then sold it to several direct marketing companies....

About 2.2 million records stolen from Certegy[, the Fidelity subsidiary,] contained bank account information and 99,000 contained credit card information, company officials said.
The company says that the information was not used for any nefarious purpose such as fraud or identify theft, but somehow I don't find that very reassuring. For one thing, the information is now out there. Fidelity says the marketing companies have been asked to return it but will they and even if they do how many people have had access to it in the meantime? Fidelity also insists that the marketing companies didn't know the information was stolen, which makes me wonder what sort of "see no evil" standards are followed in the industry: Somebody shows up offering to sell 2 million records and no one asks how they came by them?

Another issue is just how much of the personal information stored was actually necessary for Certegy to do its job. Maybe it all was. But did anyone think about that, did anyone ever think "Do we really need to keep this on file?" And how about "Do we still need to keep this on file and if not why hasn't it been deleted?"

And one last thing this raises: There has, of course, been a great deal of corporate and government worrying, hand-wringing, and posturing over identify theft. But have you noticed that most of what we get told is how to recover from identity theft and most of the rest is how to discover identity theft and almost nothing is about how to prevent identity theft, while those same companies and government agencies keep demanding we turn over to them the very sorts of information that make identity theft possible?

No comments:

 
// I Support The Occupy Movement : banner and script by @jeffcouturer / jeffcouturier.com (v1.2) document.write('
I support the OCCUPY movement
');function occupySwap(whichState){if(whichState==1){document.getElementById('occupyimg').src="https://sites.google.com/site/occupybanners/home/isupportoccupy-right-blue.png"}else{document.getElementById('occupyimg').src="https://sites.google.com/site/occupybanners/home/isupportoccupy-right-red.png"}} document.write('');