Larry Dignan over at EWeek.com asks us how much our personal data is worth. He proposes “Stiffer fines, Safer Data”. I agree and disagree; stiffer fines will eventually lead to safer data, but it won’t happen right away. Enterprises need maintainable solutions and processes that work first. In my opinion, identity theft lawsuits and media frenzy will drive this “solution”.
How much is your stolen, used, and abused identity worth to you? Is $1000 enough? Has your identity been stolen? How much did it end up costing you money and time-wise?
Last night the 10 o’clock news said that the Oregon Department of Revenue would be sending letters to the individuals at risk. I’m an Oregonian and I’m hoping I didn’t make the list. It was rather amusing when the news station asked random Portland citizens their thoughts on the matter and they were more aghast at the fact that a Department of Revenue employee was surfing porn at work! Amazing… what is it going to take to wake up the public so they see the root of this identity theft problem?
The article is a reactive statement to the 26.5 million veterans’ information that was stolen a while ago and starts out hopeful with a great inspirational quote:
“It’s an emergency at the VA, and it should be an emergency in our society,”
but then starts to take a roll downhill with:
Rep. Tom Davis, the Virginia Republican who heads the committee, said the incident had prompted him to weigh changes to a law called the Federal Information Security Management Act of 2002, which outlines procedures federal agencies must undertake in order to protect their data and systems.
I wonder, is it the actual incident that prompted Tom OR WAS IT THE FACT THAT THE VETS ARE SUING? Hope spirals back into the vast wasteland of stolen identity when the article goes on to say:
That law requires agencies to notify law enforcement and internal inspectors general when a breach occurs, but it does not require notification of potential victims or the public. It must be updated to include penalties, incentives and “proactive notification requirements,” Davis said, adding that he is “troubled as the number and scope of losses continues to expand.”
So if I understand right, once you let my data get stolen you’ll find it in the goodness of your heart to tell me (instead of me finding out after my bank account is drained). That’s proactive? I think not. Proactive is encrypting my data and being certified to manage my data. Ugh... This is pathetic.
Is it the fact that I work in a security group and this stuff naturally flows through my inbox or has the last week been a stolen data fiesta?
Hotels.com customers’ data is stolen and Greg is MAD (WARNING! Don’t make Greg mad, it’s not pretty. Well, sometimes it’s humorous to watch… If you have the opportunity to rib him a little bit someday in person just bring up how slow Microsoft Virtual Server is and you’ll see traces of the mad Greg. Mad level 3 out of 10). Anywhooo, Greg not only rants about how pathetic security is in the industry but offers some practical advice on knowing how secure a company is by their certifications. Good stuff.
Data lost on all 2.2 million (nearly all) active duty, reserve and guard members.
Are you a blogger or blog reader? Are you a fan of syndication? Let me present the latest in geek t-shirts for RSS. I had this one on the back burner since I started this blog in December of 2005 and finally sat down to create it tonight. This master-piece is titled “Feed Me” (I won’t be offended if you consider it a master-POS). The image below requires ShockWave-Flash. If you can’t see it, just go to Zazzle.com where this little beauty resides. Do you hate black t-shirts or would rather a sweat-shirt or tank top? Zazzle has a huge product line-up that you can place this advertising gem on. Gem you say? Yes, this is THE official RSS icon to be recognized by a cajillion internet users by 2007. TRUST ME. Don’t be a “wanna-be” by displaying your syndication spirit in 2008. Get this frickin’ thing on your chest now!
Ho-hum, more user data stolen, yawn… This time only 1.3 million borrowers’ Social Security numbers from the Texas Guaranteed Student Loan Corp. Interestingly enough, this time it was encrypted for transport but then decrypted by the data management company Hummingbird Ltd. After decryption the hardware that it was on was “lost”. Lost? <Insert snide comment here>.
Yet more personal information is stolen, this time from our Veterans. Don’t act so surprised. This one seems to be getting some pretty good press though. Will it change anything? Doubt it. It’s just another instance to add to the simmering pot. Someday the pot will start to boil, and then eventually boil over. Who will make them stop and listen? Maybe Brad Pitt and Angela Jolie? Save us Brangela, save us from this wretched mess.