Tuesday, June 27, 2006

The Security Gap

In the past 16 months, over 88 million people in the United States alone have had their identity compromised as a result of database breaches. Banks, credit unions, universities, healthcare providers, retailers, data aggregators, government agencies, and others have been hit, some of them multiple times.

Security breaches of personal identifying information are accelerating and putting all Americans at HIGH risk for identity theft. If you want to view the national “how and who” list of data breaches, visit www.privacyrights.org.

The growing epidemic of identity theft and the trend of database breaches are driving sweeping security changes in the way business is managed. Employers must comply with a growing body of identity theft and privacy laws at the state and national levels, and these laws dictate security guidelines.

Personnel files, benefits data, payroll and tax data are all vulnerable, often to insider theft, according to the Federal Trade Commission. Does your company have a written data security plan to protect the data of employees, customers, and vendors? Has it been implemented? Is the plan maintained on an ongoing basis? Does it keep pace with the ever-changing environment, personnel, and computer security needs?

ComputerWorld.com argues that even though data security is your IT department's job, it isn't a problem that IT can completely solve on its own. Closing the security gap takes non-IT employees making security a priority so that IT employees can make it a reality.

In addition, if identity theft (not just a data breach) is traced back to your company, how would this be handled and what affirmative defense solution does your company have in place that would hold up in court?

By the way, did you know that Arizona, Nevada, and California lead the nation for identity theft?

Lois Hale, M.S.

3 Comments:

At 11:41 PM, Anonymous Anonymous said...

How can we get accountability from these corporations that just do not seem to care? I believe corporations around the world, not just in the U.S. (i.e., the ING data breach), think it is easier and cheaper to turn a blind eye rather than pay for the training of employees or implementing true security measures. What do you suggest we do?

At 2:30 AM, Blogger Lois Hale said...

You make a very good point. The Federal Bureau of Investigation, in a Congressional Report, stated that because companies (1) fear a loss of business from reduced consumer confidence in their security measures or (2) fear lawsuits, many intrusions (hackings) are never reported.

The identity theft and privacy laws put the burden of proof on the employer/business owner to show due diligence to comply. Negligent and non-compliant violators of FACTA will find themselves facing hefty state and federal fines (per identity theft case), class action lawsuits, and responsibility for all attorney fees. In addition, some laws (like HIPAA and GLBA) require a prison term for responsible decision makers (like officers and directors), who also will be held personally liable for a civil penalty. Sometimes it takes a financial crisis that hits a company before its decision makers will change business practices. The penalties of identity theft laws can bankrupt small business owners.

Thanks to the media and the Internet, public awareness of the complexity of identity theft is growing. Education by means of facts and actual case stories about identity theft and IT security is key. There is a cost-to-business formula for identity theft cases and the fines and fees of FACTA. The formula disproves the myth that “turning the blind eye is cheaper.” Also on record within the IT community are facts proving that investing in appropriate security protocols is cheaper than the cost of “cleaning up” after a data breach or identity theft.

Any company/business owner who neglects to establish safe business protocols for employees, customer service, handling of data records/files, and managing facilities is inefficient and vulnerable. Employees have a responsibility to themselves and their employer to speak up—tactfully identify security challenges and offer suggestions and solutions. They may need to provide documentation from credible guidance resources such as the Better Business Bureau, www.privacyrights.org, or www.ftc.gov. Employees who seek professional development in knowledge and skills regarding security and identity theft will increase their value to the company.

If employee efforts to create security improvements fall on deaf management ears, then I would seek employment with a company that does care.

Lois Hale
Reno, Nevada

At 6:14 PM, Anonymous Anonymous said...

Mike, try not to get too warm and fuzzy because of your paper shredder... I think we all wish it were that easy.


  • All Material is Copyright © 2009 Michael McCoy and SEAS, L.L.C