P.I.: It's 11 o'clock. Do you know where your identity is?
PRIVATE EYE: Missing Identidata
Identidata is how I refer to your personal identity that is stored on a multitude of computers as binary data. So just how safe is the identidata?
Bank of America (BoA) reported last week that during the latter part of 2004 several magnetic data tapes went missing. The tapes contained credit card accounts, social security numbers, and other personal information of 1.2 million US Federal employees, including 60 US Senators. The data on the tapes was not encrypted.
The missing tapes were part of a larger shipment of tapes to the company's backup center. BoA says there is "no evidence yet" of identity theft or fraudulent use of the information. The word on the web is that the tapes were lost by airport baggage handlers, so it is still unclear if it was a targeted theft or haphazard handling.
I report the above not to knock BoA but to show another example of the symptom we face with our identidata. For the non-IT (Information Technology) readers: it is mandatory that computer data be backed up (archived) on a regular basis. Anyone who has experienced a hard drive failure understands the need to recover data. It is also good business practice to store the archived data offsite. Everything that BoA did was normal (and wise) business practice, except maybe the fact that the tapes were not encrypted, but very few data centers have the resources (time, money, hardware) to encrypt backup tapes. We may see a change after the BoA incident. Even encrypting data is useless against motivated thieves.
On 2/16 I wrote about identidata theft from ChoicePoint. Legally, the only people they are required to notify are California residents. And filings with the Securities and Exchange Commission indicate that ChoicePoint is only notifying Californians who had identidata compromised during a 15-month period. Why only 15 months? Because that is when the California notification law took effect. It might be a bad assumption on my part, but this implies ChoicePoint is aware of potential identidata theft that occurred before July 1, 2003 (start of the law).
For more examples of breaches in identidata, see my 1/22 blog "P.I.: The Tale of Two Universities".
Radical change is needed to protect individuals. The California notification law is a tiny start, but it addresses the problem after the fact. It is good to have an alarm warn you the toilet overflowed, but I would rather not have to deal with the mess to start with. Perhaps the BoA missing tapes will be a thing since it impacts Senators. One idea that has merit is multiple social security numbers that would be used for different categories - medical, taxes, employment, mortgage, financial. If you had a different number for each financial account (banking, credit card, etc.) it would limit your exposure if one of the numbers was compromised. Then we would need strong laws to protect your identidata held by the credit bureau type agencies.
A Security Credit Freeze is one such law already in place in California and Texas (although you have to be an identity theft victim in Texas to use it), and eleven other states are considering the legislation. In a nutshell, the freeze law would give you, the consumer, the right to place a security freeze on your credit report, which prevents anyone from accessing your identidata for the purposes of granting credit. If a lending institution cannot access your identidata they will not approve credit, thus stopping an identity thief from getting credit cards and the like in your name. If you wanted to apply for a loan you would have to remove the freeze until the credit check was completed. Credit bureaus and many creditors oppose such legislation. We the people need to speak up and make our voices heard.
For more information about protecting your financial privacy, visit Consumers Union's financialprivacynow.org.
She left me here stranded like a dog out in the yard