BLOG: Big fines for big breaches: The only way to stop shoddy security

Paul Venezia | Feb. 4, 2014
Companies that profit from data collection should be held financially accountable when they fail to secure what they store.

Target is somewhat of a special case. The company has long been known for its extensive customer data collection and data mining. Stories detailing how Target knows you're pregnant before anyone else does shine a little light on how much data Target collects and how it's used. When that data is stolen, it can be spun for all kinds of nefarious purposes.

Target claims this data was not stolen in the recent breach, but forgive me if I'm a little dubious about the veracity of that statement and the security protecting that data. If Target can lose 100 million credit cards and other customer data, you have to assume it can lose the rest of it just as easily.

Using cash everywhere isn't an option for most people, and it's becoming more difficult and expensive all the time. Banks and credit card companies should be championing a universal opt-out that is enforceable. If you opt out of data collection with your credit card or bank, no retailer should be able to store or use any information related to you or your purchases at any point in time. Your credit card information exists in their systems only as long as is required for payment processing, then is scrubbed. A record of your purchase may be retained, but it should not contain any sensitive information.

Given the choice, I wonder how many people would opt out. The national Do Not Call Registry suggests the number would be extremely high. This wouldn't please retailers like Target, which use that data extensively to drive business decisions, but too bad — you broke it, you bought it. I just hope it doesn't take another half-dozen massive data breaches like this to finally result in fundamental change.

By the way, this is nothing compared to all the data the NSA has been collecting and what might happen if that data was exposed. Above any other discussion on the legality and ethics of what the NSA has done, that threat alone should be enough to scuttle the whole program. Alas, I have very little faith in that, perhaps about as much as I have in Target's security systems.

Source: InfoWorld

