In today's' post my friends at Ephemeralaw reminded us once again about something that I am keen on. Every day there is at least one more data breach to report. It's like the sports scores two days after a weekend of games, just a bunch of numbers, but those numbers are staggering. There are no shortages of articles about the latest huge server breach, records stolen from personnel files, or about some knucklehead accidentally posting a thousand names and SSNs on the Internet, or dumping reams of data into the trash. Is there anyone left to shock? By now it is safe to say that just about everyone has heard of identity theft. I think also that we have established that identity theft is here to stay, and that for as long as non-public personal information has value to someone other than the rightful owner, it will be stolen and used.
Once the number of stolen records hit 300 million, which it did this year after just 3 short years of tracking such things, the numbers begin to have little meaning. Eight years ago someone stole my identity by opening multiple accounts in my name, and had a very good time at my expense. I really didn't care how many millions of records had been stolen, or from which database mine was stolen for that matter. All I wanted was a solution to my problem. Back when it happened to me there was little help available. The laws had not yet been passed that would have given me the tools to deal with it, and certainly the proliferation of identity theft products and services did not yet exist.
Here we are at the end of 2008. Great identity theft products do exist now. The federal and state laws in place not only afford the victim with recourse, but mainly they point out directly to the companies and other data aggregators that they are responsible for the information they are entrusted with.
Ladies and gentlemen, there are no excuses. The companies should know what to do by now. And I don't mean simply throwing software at it. That never did work. All the software in the world will not affect a culture of insecurity. You have to change the habits of the individuals who handle the data. Security is a top down policy effort and education is the key to changing the way information is treated. And every individual needs a quality identity theft service. If someone decides not to opt for a good effective service and becomes a victim of identity theft, shame on them. An identity theft program is not insurance. It is the most direct way to protect the integrity of all of your records in thousands of databases throughout the country.