« Support Grows for Wicca Marker on Soldier's Grave -- Beliefnet.com | Main | And we get to put up with these imbeciles »

A Standard of Care

If you bring your rolex watch to the jeweler for repair, you sign a series of papers and take a receipt with you when you leave. Your watch is then in the care of the jeweler, and if it is lost or destroyed, the jeweler's insurance will replace it for you. Why is it that when we turn over something even more valuable, the caretakers seemingly have no responsibility whatsoever to you for its loss?

Your jeweler keeps your watch in a locked cabinet in a locked store with alarms and sometimes security guards. Where is your personal data kept? Do you even know? Every time a credit card company asks you for your social security number, or a health insurance company demands it to write you a policy, ask them what procedures they have in place to protect your data from identity thieves. Your name and SSN is all it takes to go through and get all kinds of information about you, which can be used to access your money, your medical records, your personal property, etc.

So what's my point? If each and every company who requires you to give your personal data to them was required to use their best efforts to protect that data from unauthorized access, and if there were sanctions against companies who do not, including the companies being solely responsible for cleaning up your credit if that information is misused, you would see a significant change in the way your data is collected and stored.

I firmly believe that once responsibility is transferred from you to a random company, a number of changes would take place. First, the amount of personal data required would be lessened. Second, the data that IS required would be encrypted, and would not be transferred to employees laptops where it could be stolen. Backup tapes would be transferred with greater security, as is other valuable property. Third, and related to the first point, perhaps companies would stop attempting to identify individuals by use of their social security numbers, and would instead issue random numbers for identifiers.

It really isn't rocket science. Day after day we hear of yet more personal data being compromised by ridiculous carelessness of employees of companies and/or agencies who should know better (sometimes in direct violation of company or agency procedures). Day after day we hear of those who have been victimized because of these breaches. Yet when do we hear of the data collection organizations stepping up to the plate to further protect our information, or to help clear up a credit report that has been trashed? It's time to shift the burden and create a standard of care for our personal data that is at least as extensive as that for valuable personal property.

Posted by mikki on June 21, 2006 11:17 AM |

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)