Personal Data Exposed! Can Legislation Fix It?
rabblerouzer writes "Millions have had their personal information stolen because of lax security and may not even know it because of the patchwork of state laws that fail to mandate timely notification of victims. Boston-based law firm Mintz Levin is seeking feedback on what you would like to see included in draft legislation."
Criminal Identity Theft (Score:5, Interesting)
I'll be writing something to these guys. If you're interested in what I've been dealing with, my story starts here:
http://g27radio.blogspot.com/2007/04/think-youre-
Accountability (Score:5, Interesting)
Recap:
Required disclosure
Jail for those that purposefully avoid disclosure
Large fines for breaches
Change the cost/benefit to discourage hoarding (Score:3, Interesting)
Legislation that provided a penalty for holding inaccurate personal data about someone would strongly discourage people from grabbing personal info just because they can. If bit-rot in personal-info databases had legal consequences, people would be more careful about what they collected, and would take the trouble to verify its integrity. It'd be harder to sell a database like that, too, since the buyer would want the means to keep it up to date. Also, you can bet that every personal-info-storing website would switch to an "opt-in" model about as fast as their lawyers could say "liability risk".
The major downside would be that it would disproportionately hurt small organizations. Sadly, I don't have a solution for that.
Legislation has never fixed anything. (Score:3, Interesting)
Honest people obey them but criminals do not.
What it will take is to enact a DEATH PENALTY for computer crimes / identity theft.
That's right, strap the bastards down in Ol' Sparky and televise it to the world.
Two or three public executions and the problem will pretty much go away overnight.
Do it from another country you say? No problem. Send a Special Forces hit team to kill them in the dark of night.
Seriously though, one day someone is going to get really, really pissed off and they'll go get a pound of flesh from the companies that allowed the data breach to happen. It's only a matter of time.
There are a lot of unhinged people on the edge as it is now.
This has gone on way too long. Enough with the useless laws, let's start up public executions.
Re:Accountability (Score:3, Interesting)
How about restricting the collection and storage of personal information in the first place? How many companies REALLY need your SSN? How about schools? Do THEY need it? Really? Can we ban the use of SSNs as primary identifiers? How about a federal registry where collectors would have to register that they have personal information about someone, and allow the person to request that the info be removed (obviously need exceptions to this...) How about requiring written approval for businesses wanting to share your data with others? The honest truth is that most businesses have no need to store all that data in the first place. How many web sites want your birth date? Do any of them really need it? With VERY few exceptions, the answer is a definitive NO.
A simple fix I'd like to see ... (Score:3, Interesting)
The only problem is that the alert must be renewed every 90 days. To get a permanent Fraud Alert, you must prove you've already been a victim of identity theft - essentially closing the barn door after the horse has gotten out.
Consumers need to have the right to request a permanent alert without question, and for any reason. I am long past the point in my life where I need instant credit. I can afford to wait long enough for the credit agency to call me if I need to open a new account. Of course, the credit agencies will fight any such measure tooth and nail (the 90-day alert had to be forced upon them by law), but unlike some proposals I've read so far, this one is actually doable with a realistic amount of effort on everyone's part.
Re:More laws are the key ... to EVERYTHING (Score:2, Interesting)
Re:More laws are the key ... to EVERYTHING (Score:3, Interesting)
Unfortunately, that's how a lot of laws get written. Law firms, think tanks & lobbying organizations write up their wish list and then sweet talk Congressmen or Senators into submitting it.
This happens at both the Federal and State levels.
Maybe the public representatives (in reality, their staff) should be writing up the rules.
"Oh, but we like this set of rules!"
My response: think of all those laws you didn't like.