Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

It's time we hold companies responsible for data breaches

Paul Venezia | June 5, 2014
Data security regulation is the only measure keeping retailers from burning us all, over and over again.

Laws have never been able to keep up with the pace of technology. Tragically, it often takes a highly publicized event of gross malfeasance to rattle the legal system into enacting measures that address the gap.

The lack of stoplights and driving laws at the advent of the automobile, the dearth of workplace safety regulations in the age of the American sweatshop -- time and again, tragedy precedes legislation, even when common sense would suggest otherwise. And with the onslaught of technology only accelerating, we place ourselves increasingly in the crosshairs in more and more corners of our daily life, with little legal aid in sight.

Take the Triangle Shirtwaist tragedy in 1911. The technological advances of the sweatshop era, which enabled large numbers of workers to be packed into tighter quarters to mass-produce goods with the aid of machines, came with little attention to laws to ensure safety -- including prohibitions against locking employees in a workshop. But that's what Triangle Shirtwaist company owner Max Blank did, same as many other factory owners of the era.

Not only did Max Blanck get off scot-free for the deaths of the 146 Triangle Shirtwaist employees who died when a fire swept through the locked factory, but when he was arrested a few years later for locking the doors to another factory with workers inside, he was fined a mere $20.

Many people might have had the forethought to realize that locking people inside a building would lead to serious problems, but clearly this concept eluded the owners, or they had enough of a financial incentive to act otherwise. Subsequently, we have laws that expressly prohibit the act. It also allows us to prosecute those who violate such laws. 

The way things are today, we may need to see the Internet burn to the ground in the United States before we can muster enough popular support for an open Internet. It's appalling to those of us who have the brainpower to see the end result of the Comcast-Time Warner Cable merger, the AT&T-DirectTV deal, and the pathetic "regulations" proposed by the FCC. The gruesome outcome of these events is easily predictible. Yet here are the powers that be, ignoring the smoke.

What other industries will have to burn to the ground before we act to reduce the damage that can be caused by a lack of commonsense legislation? The retail industry and credit-card processing, most likely. I've spoken out about this before, following the last massive security breach, but it's apparently happened again.

I don't have all the details yet, but I received a call from Capital One last Thursday informing me of a security breach that allowed criminals to steal credit card information. As a result, my credit card has been suspended and must be reissued. I asked which specific retailer was responsible for the breach, but the call center representative did not have that information. I'm not surprised -- there are no legal requirements for a company to divulge these events. And it may not have been a retailer; it may have been a credit-card processor, like Global Payments or Heartland Payment Systems.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.