Wouldn't you want to know if your bank lost your data?
By silicon.com
Published: 3 April 2006 14:10 GMT
It goes without saying that most people, in business at least, only admit a mistake for one reason – because they realise they're going to get caught anyway.
Nowhere is this more clear than with the issue of disclosing data loss. In California all companies are required by law to inform their customers when data has been breached or lost.
Now the whole of the US is looking to introduce such a law and we can only hope the UK and the rest of Europe follow in step.
Why? Currently identity fraud is seeing something of a migration from the US to Europe, according to Bryan Sartin, VP investigative response at Cybertrust.
And part of this is to do with the culture of disclosure. Companies who aren't bound by law tend to gamble where data loss is concerned. They weigh up the chance of that lost data coming back to haunt them against the threat posed to their reputation of disclosing.
They will typically wait as long as possible, Sartin told silicon.com, and even then will only disclose if they have good reason to believe data is indeed at risk. It goes without saying the warning signs may include evidence that some level of identity fraud has already occurred.
Inaction at such a critical time is seen as a positive step, at least as far as shareholders' best interests and the company's reputation are concerned. However, it can also provide the final factor fraudsters need to act effectively - time.
And in the US that time is now diminishing. Even those companies not required to disclose by law are starting to do so, because disclosure has unsurprisingly raised the awareness of how common a problem data breaches are. And companies therefore see some dilution of the reputational impact while doubtless resolving to tighten up next time.
In an ideal world data breaches wouldn't occur but we realistically have to plan for the fact they do. And most importantly, as consumers we have a right to know how safe our data is.
Just because you don't know that your bank has suffered serious data breaches, it doesn't mean they haven't happened. And the room for manoeuvre afforded by no requirement to disclose losses hardly encourages a thorough review of data management.
A lack of disclosure therefore breeds insecurity. It creates the window of opportunity for the fraudsters and it muddies the waters for consumers hoping to make informed choices.
We must demand to know the facts.
IT Designer / Architect - Fraud FPSG's blue chip client wish to source an experienced Technical specialist who can bring high level design, technical ...
Key Responsibilities: Prepare and compile bids and tenders to reflect the company`s corporate identity that satisfy commercial and technical ...
(Falcon Specialist, Falcon Consultant, SME Consultant, Fraud Management, Financial Services) Falcon SME Consultant 3 months initially Flexible ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Nick Beecham and Belinda Doshi
No more tax breaks for offshoring?
Financial services firms must prepare now for 2010 legal changes
Tim Ferguson
On a new Voyager, tackling fraud and the intellectual challenge
Interview: Nationwide IT director, Peter Stafford
Nick Heath
David Lister on smart grids and why he left RBS
Interview: National Grid CIO
Andy Jones
Why banks will push ahead with offshoring
Comment: Even if they don't want to
Catherine Stagg-Macey
Legacy IT holding back insurers
Comment: Economic crisis means finance giants must step lively
Julian Goldsmith
The City fund manager with no IT department
Q&A: How asset management is embracing the cloud...