Taking Responsibility for Our Own Privacy

Oct. 27, 2008
The resources to protect private information are already in our hands.

The rising tide of high-profile privacy breaches has stirred the issue of privacy risk management in recent months. Major companies have seen confidential client files hacked and exposed, while the flood of individual identity theft is at all-time highs. Not unlike the general American public, many domestics companies' understanding of privacy and security has little basis in reality. While we all embrace the wonders of the Internet and the business boons it can bring, only recently have we begun to recognize the pitfalls that come along with it as well.

“In many cases it is simply a lack of awareness and not having the resources to monitor the problem,” said David Benton, a member of The Home Depot’s information protection team. “Security remained an afterthought in some instances among smaller companies until recently. Now many are scrambling to catch up because of either perceived or real threats.

“People get so wrapped up in thinking the only way to solve privacy issues or protect company data is by throwing a lot of money at the problem. But in most cases there are usually standard processes in place. You just need to make sure that the data is secure and business procedures are followed,” Benton continued.

It comes as no surprise that recent privacy breaches at ChoicePoint and other top companies have prompted a knee-jerk reaction from the U.S. Congress. The House is discussing legislation that would deny investigation companies access to Social Security numbers. This would greatly hinder these companies' ability to track ID theft criminals and to help victims restore their identities—meaning it may actually do more harm than good. The National Council of Investigations and Security Services (NCISS) contends that state licensing processes and existing laws, regulations, standards and restrictions already protect the access and distribution of personal identification information, so new legislation is unnecessary.

Benton agrees. He believes there would be sufficient safeguards in place to protect personal and business assets if people would only adhere to security policy. “We need to have government work with business to plan and implement security legislation that will survive the long haul and is not made to simply band-aid the bigger problem,” Benton said. “Americans tend to over-think and over-engineer problems. We need to address our privacy issues with security, not obscurity.”

Lack of simple IT security knowledge creates many a nightmare according to Benton, who stated that a large percentage of small to medium mortgage companies transact business each day on the Internet without encrypting their clients' personal data. “That is the kind of thing that keeps me up at night. The fact that many business who are involved with sensitive personal data don’t even know or follow basic security information protocols scares me! Protecting vital personal data doesn’t require whiz-bang solutions or Fort Knox. Just common sense.”

If you have any questions or comments for Steve Lasky regarding this issue or any other, please e-mail him at [email protected].