ID Theft Could Happen to You
Last time I wrote about ID theft, I asked if the reason no one seems to care about the issue (a conclusion reached by the unscientific method of counting the comments on my previous ID theft posts) was because people considered ID theft an issue for financial services firms or other companies that handle a lot of customer data. In other words, it’s easy to take an it-would-never-happen-here attitude. Someone responded with the following:
So what if sensitive info was stolen [regarding] about 10,000 customers? It’s not the company’s identity that will be stolen. It’s not the company that will spend months trying to repair the damage. As long as there is no penalty, companies will not care. And CIOs won’t either.Well, this is as close as we have come to date to a company having its ID stolen. If my credit card company lost my personal information I would probably call an 800 number and yell at the person with the misfortune of answering the phone. If my company lost my personal information I would probably go downstairs to the IT department and yell at the CIO. IT’s reputation in the company would probably be shot, the board might have to sacrifice the CIO in order to placate irate employees and someone somewhere might try to organize a lawsuit.
I feel like I’m beating a dead horse a little bit, but I really think that CIOs should be scared out of their minds. This is just the sort of issue that Congress likes to get involved with, and if they do, you can bet it will result in a broad sweeping measure that will require Sarbanes-Oxley-like procedures for security.
One other quick note. An article from Monday’s Washington Post discusses lobbying by high tech companies and trade groups. It’s a fun read if you are interested in that kind of thing.
Sign up for the latest on security.
