|
||
Research and retrieval of news articles by: SPECIAL NOTE TO ALL VISITORS: |
TELL WHEN PRIVATE DATA'S DIVULGED, STOLENSource: Toronto StarPosted on February 21, 2005 For those who don't know - and there are many who don't - the federal government has declared this month "Fraud Awareness Month," part of a public education initiative organized by the Competition Bureau. The idea is to arm people with the information they need to avoid becoming victims of fraud. And there's no question about it, awareness and "knowing" are key ingredients to fraud prevention. Unfortunately, public education alone doesn't cut it. Earlier this month, an Atlanta-based data collection company called ChoicePoint claimed that a number of "well-organized criminals" posed as legitimate businesses as part of a plan to access detailed consumer information held in ChoicePoint's massive database. "It appears that consumers' names, addresses, Social Security numbers and credit reports may have been viewed by these individuals," the company disclosed last week. Just for background, ChoicePoint made more than US$900 million last year by selling the information it collects on people. Turns out that ChoicePoint became aware of the breach last fall, but, according to the company, "law enforcement authorities did not allow ChoicePoint to disclose the incident until now so as not to compromise their investigation." Even when ChoicePoint got the clearance to notify those consumers possibly affected, it initially only chose to send notification letters to 35,000 California residents whose information was breached. Why just California? Because it's the only state that requires, by law, that companies with privacy breaches disclose the problem as soon as possible. California created the law on the belief consumers can better detect and guard against identity theft if they know their information has been breached in some way. ChoicePoint, now that the event has gone public in California, has decided it better warn people in other states. Turns out 140,000 are affected across the country, and law enforcement authorities recently confirmed that at least 750 people have been victimized as a direct result of this breach. It's worth pondering, had those 750 people been notified sooner would they have become victims? And who knows how many more victims will emerge? Studies suggest it can often take more than a year before an identity thief's fraudulent activities begin to show up on a victim's radar screen. What's the lesson for Canada? First, public education can't protect us against companies that collect information about us and then do a poor job of keeping the data out of wrong hands. In the case of ChoicePoint, various U.S. media reports say many of the people affected by the breach had never heard of ChoicePoint. Do you know what companies out there hold information about you? It's safe to say you haven't a clue. Second, the ChoicePoint example shows us that California has the right approach to minimizing the impact on identity theft victims. By forcing companies to disclose breaches right away, it not only prevents businesses from covering up privacy mishaps in hopes they'll quietly pass, it also gives consumers a fighting chance at a time when identity theft is sapping confidence in online and offline commerce. Canada isn't immune from this problem, as privacy leaks at CIBC, ISM Canada and Bank of Montreal have demonstrated. It's for this reason that a coalition of consumer groups, the Canadian Consumer Initiative, called on the federal government this month to follow in California's footsteps. They want a law that would force businesses and public-sector organizations to immediately notify consumers who have a chance of being affected by privacy mishaps. "Since business and government often open the door to identity theft through their practices, it seems reasonable to ask them to lead the battle against it," said Peter Bleyer, coordinator of the Canadian Consumer Initiative, which also wants the government to mandate a two-year phase-out of the use of social insurance numbers by businesses. The Public Interest Advocacy Centre, a member of the coalition, proposed in a 2003 report on identify theft that the disclosure requirement be legislated. Philippa Lawson, executive director of the Canadian Internet Policy and Public Interest Clinic in Ottawa, and legal counsel for PIAC at the time of the report, says a disclosure law - more than any other initiative - would likely prove the greatest benefit to consumers. So far, Ottawa has taken no action, despite the sharp increase in identity theft crimes in this country - and it's only getting worse. Until more federal politicians start noticing funny charges on their credit cards and unauthorized transactions in their bank accounts, regular folks are going to have to wait.
E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes. |
ALERT WebTrust Is Your Best Defense Against Privacy Breaches. Get WebTrust Working For Your Site. |