The titanic struggle pitting high-tech Goliath Apple against the nation's top law enforcement agency the FBI has turned into a blood sport with both sides refusing to budge. The case has received breathless news coverage, but a linchpin issue has been glossed over in the hostile confrontation.
The courtroom drama has focused on Apple's contention that allowing the FBI access to the data on an iPhone used by a San Bernardino terrorist would compromise the security of its product. Other high-tech companies, such as Facebook and Google, have joined in support of Apple's position.
The open warfare between Apple and the FBI is just a symptom of a larger issue that requires a national debate. Ultimately, the case spotlights the growing public concern over the safeguarding of personal data. It's an issue with implications far beyond the Apple dispute.
Every day consumers are virtually forced to disclose mountains of personal data to open a bank account, apply for a credit card, sign-up for Social Security, obtain wireless service, acquire a home mortgage, secure a U.S. passport and procure health care coverage. And that's just a partial list.
Consumers have little choice in the data they must provide. Social Security numbers, bank account information, personal medical data, telephone numbers, previous addresses, debts, gambling losses and even skirmishes with the law must be revealed for basic services and benefits.
All that information is primarily stored on computers at thousands of businesses, government agencies, banks, medical facilities and data firms. It no longer belongs to the consumer, who is at mercy of these entities to protect their personal data from cyber thieves who troll the ether world.
Unfortunately, companies and governments have done a lousy job of protecting the data.
The non-profit Privacy Rights Clearinghouse found that from 2005 to 2009 data crooks stole more than 497 million records containing sensitive personal information. Research by the Ponemon Institute showed that 85 percent of U.S. firms had experienced at least one data breach.
The list of companies that have suffered data violations reads like a Who's Who of Corporate America: Home Depot, Hyatt Hotels Corporation, Anthem, Wendy's Restaurants, Sony Pictures, Target, JP Morgan Chase, Citibank and the federal government's Office of Personnel Management.
The problem is widespread and growing worse. Some 44 percent of consumers report having their personal information pilfered as a result of a data intrusion, according to a recent research report entitled, "Retail's Reality: Shopping Behavior After Security Breaches."
Businesses have a vested interest in data protection. Breaches have cost firms billions of dollars to repair systems, defend lawsuits, pay fines and inform consumers. More importantly, research chronicles businesses lose customers after their reputation is tarnished by a data hijacking.
Although there are at least four federal laws that address the issue, the U.S. lacks a comprehensive privacy protection measure. Current laws deal with the responsibility of companies that obtain and store the personal data, including the notification of customers. That is not sufficient protection.
Congress should enact a new Bill of Privacy Rights that mandates the following:
1. Place limits on the data consumers are required to provide. Too many credit firms, businesses, banks and government agencies collect data beyond what the transaction requires. Also, limit the sharing of consumer data between companies and government agencies.
2. Spell out universal standards for the protection of consumer data. Some organizations have data security guidelines, but compliance surveillance is almost non-existent. A company or government entity in violation of the standards should be fined and its leaders sent packing to jail.
3. Institute reimbursement for victims of cyber theft. Currently, consumers are usually forced to join class action lawsuits to obtain any financial assistance to cope with the fallout from cyber crime. Every consumer impacted by a breach should receive immediate and sufficient compensation.
4. Each consumer's data should be separated from other customers' information in computer files. In the event of a data breach, that could limit the number of consumers' impacted. The technology to achieve this separation already exists, but no one wants to incur the expense.
Consumers deserve to know their personal information is secure. If businesses and governments fail to safeguard the data they demanded from the public, they should be held accountable. Action cannot come soon enough on this issue.
No comments:
Post a Comment