Skip to content

DBAzine.com

Sections
Personal tools
You are here: Home » Blogs » Craig Mullins Blog » Craig Mullins: Perspectives on Database Management » More Data Breaches and Problems
Who Are You?
I am a:
Mainframe True Believer
Distributed Fast-tracker

[ Results | Polls ]
Votes : 1984
 

More Data Breaches and Problems More Data Breaches and Problems

It sure seems like we have reached the tipping point for data breaches - there are new ones reported almost on a daily basis.
Just a quick entry to keep track of the most recent data breaches and data security problems reported the past couple of weeks (since my last blog on the topic: Data Privacy, Sharing Tax Data, and a New Hippocratic Oath). According to the Federal Trade Commission, ID theft cost American consumers $5 billion and businesses $48 billion last year. Dealing with data breaches is an important topic and it will continue to dominate the news until government regulations and better corporate behavior team up to "resolve" the problem.

Now let's take a look at some of the recent data breaches in the news:

  • InfoWorld reports: A database problem with a U.S. domain name registrar exposed sensitive financial and personal information relating to thousands of domain name registrations, a Dutch company said Friday.
  • Computerworld reports: an employee at Progressive Casualty Insurance Co. wrongfully accessed information on foreclosure properties she was interested in buying.
  • Computerworld also reported: Personal information of state employees in Florida may have been compromised after work on the state's payroll and human resources system was improperly subcontracted to one or more firms in India.
  • So what is being done about all of these data breaches? Well, the US House of Representatives is doing something. In late March 2006 the U.S. House Energy and Commerce Committee passed legislation forcing data brokers to disclose security breaches to the public. The Data Accountability and Trust Act (or DATA) would place new requirements on data brokers to notify the public if there is a "reasonable risk" of identity theft associated with a data breach. I think this could be a good first step. (More about the Data Accountability and Trust Act can be found in this article at Internet News.

    Also, it is important to note that 22 states have passed laws requiring that individuals be notified of security breaches. The catalyst for requiring companies to report data breaches to affected customers and individuals was the California data breach law enacted in 2003. The Consumers Union web site provides lists of states enacting security breach laws and security freeze laws.

    For those questioning the difference between a security breach law and a security freeze law: a security breach law defines who, when, and how to contact people whose data has been surreptitiously accessed. A security freeze enables consumers to stop identity thieves from getting credit in their names. A security freeze locks, or freezes, access to consumer credit reports and credit scores. Both are important.

    Keep checking back here for more information about data breaches and data security. I'm going to keep me "eyes open" and on top of this topic here.

    Friday, April 07, 2006  |  Permalink |  Comments (0)
    trackback URL:   http://www.dbazine.com/blogs/blog-cm/craigmullins/blogentry.2006-04-07.8624684295/sbtrackback
    Craig Mullins
    Data Management Specialist
    Bio & Writings
    Subscribe to my blog Subscribe to my blog
    « February 2007 »
    Su Mo Tu We Th Fr Sa
            1 2 3
    4 5 6 7 8 9 10
    11 12 13 14 15 16 17
    18 19 20 21 22 23 24
    25 26 27 28      
     
     

    Powered by Plone