"Lost" is a popular reality TV show which now may very
well become re-branded to include identity theft as the
number of security breaches continues to expose careless
data handling by companies entrusted with sensitive
consumer information.
In this latest episode of "Lost: The Missing Consumer Data",
we expose the misdeeds of Hummingbird, a Texas based
software company contracted by the Texas Guaranteed
Student Loan company to prepare a document management
system.
Apparently an employee of Hummingbird "lost"
hardware containing unencrypted names and
social security numbers (ssn) of 1,300,000
borrowers as of May 24th.What's appalling about this latest "lost" data episode opening
up 1.3 million consumers to identity theft and credit fraud is
the data was originally encrypted prior to transferral
to the "lost" hardware plus the Texas Guaranteed Student
Loan Corporation itself may have become a victim of it's own
counsel.
In 2001, the General counsel of Texas Guaranteed Student
Loan Company provided
commentary to the F.T.C. to support
strengthening the landmark G.L.B. consumer privacy legislation.
The opening remarks, on the surface, appear to be
supportive of more stringent privacy safeguards.
TG supports the Commission's endeavor to establish rules
that seek to protect the privacy of, among others,
those students receiving financial aid assistance.
We also appreciate the opportunity to comment on
the proposed Privacy Rule.
TG supports the establishment of safeguards designed
to ensure the security and confidentiality of customer
records and information.
..but then commentary provided by the company's counsel
suggests a much "looser" standard be applicable
to auditing as well as liability associated with contractors.
TG agrees that the proposed rule should not require
that particular audit procedures or tests be used,
as this approach is consistent with the flexibility
given throughout the rule to each entity to determine,
within the mandates of the Act and rule, how it can
best protect "customer" information.
...the currently proposed language seems to impose an
obligation on the part of the financial institution
that may be impossible or impracticable to meet. If
there is no previous business relationship between
the parties, how will the financial institution be
sure that the service provider actually "is capable"
of maintaining appropriate safeguards? We suggest
that the language be rephrased to require the financial
institution to utilize only those service providers it
reasonably believes to be capable of maintaining
appropriate safeguards.
Given, this was in 2001, before the California
disclosure law enactment which required companies
nation wide to disclose security breaches and as result
we have subsequently seen over
130 separate
incidents negatively impacting over 80
million Americans.
Unfortunately,
this type of loose approach toconsumer data security has been the mindsetof U.S. business executives for years and as we
have seen by the volume of "lost" consumer
information cases reported just within the past
1.5 years, indicates you are
virtually undefended and naked to attack by any identity theft or
simply a careless employee.To seize back control, take action immediately.
So,
our tip for today is to
seek out your credit"freeze" available options in the state you
reside in. Even if you are not fortunate enough
to live within one of the handful of states with
credit freeze laws, still deny identity thieves
the ability to harm you financially.
Order your credit report and inspect it for any
suspicious activity. Then finally, to augment
that snapshot in time credit report, make sure
to enroll in a
comprehensive credit
monitoring service.