« Previous Post | Blog Home | Next Post »
Data breaches are not a threat
Posted on Aug 8, 2006 by Tom Fragala
That is what Albert Gidari wants you to believe. He is a partner in the privacy and security group at big law firm Perkins Coie. Here’s his quote from a recent article in the National Law Journal.
…Albert Gidari, a partner in the privacy and security group of Seattle's Perkins Coie, said that there is no empirical evidence that notice of data breaches helps consumers. "Notice vindicates no rights whatsoever and, personally, I think it scares them to death with no discernible benefit," said Gidari.
The only real damage of a breach is if somebody is able to open an account in the consumer's name, he added. That is easily solved by requiring those companies that extend credit to know to whom they are extending it, he said, and to allow people to clear their names if identity theft happens.
Wow. He seems to be saying that the only threat of a data breach is that someone might open an account in your name—and even then that is not really a big deal. Either he is joking or he really does not understand what identity theft really is. Which is hard to believe since he is a partner in the privacy and security practice of a major law firm (their client list includes Google, Microsoft, Intel, Starbucks, UPS, Washington Mutual).
First, someone opening credit accounts in your name IS a very big deal. It has been a nightmare to fix for thousands and thousands of people. Second, and this drives me nuts, someone opening a credit card account is NOT all identity theft is about. Even if you freeze your credit file, there are many ways your identity can be misused. One example is that someone could commit a crime and give law enforcement your information, or someone could use your identity to get employment leaving you with a huge tax liability and screwed up social security benefits. How about getting into an auto accident and giving your insurance and driver’s license data?
And if someone has lots of your identifying information, they could use that to unlock things that today you consider safe. For example, they could get access to your checking account information, order new checks, drain your account. And don’t expect the bank to just put the money back in no questions asked, like a credit card—it does not work that way.
Finally, let’s say someone got a hold of your personal identifying information. Then using that, with proof of identity, obtained all your medical records. Now that individual gets medical care in your name, which changes your medical history and possibly causing you a problem with future medical care. Or maybe there is something embarrassing in those medical records?
Ps. I saw this article in a post on the T-ID blog.
Filed under: Data Breach, Identity Theft
Comments
Jonathan on Aug 10, 2006
It is rather shocking when someone of prominence makes a statement of such ignorance.
Thank-you for blogging about it!
Another kind of Identity Theft you didn't mention in this post above is medical identity theft - I go to the hospital to get tested for HIV/Cancer. I find out that yes, I have it. But I gave them your information when I walked in the door. Your medical record now says that you have HIV/Cancer. Can you get it fixed? Absolutely. Will it be a huge annoyance? Absolutely.
Here's a hypothetical and opinion question for you... what's the scariest way an individual's information can be used?
Thanks for continuing these great posts on Identity Theft. Keep it up!
tom f on Aug 10, 2006
The answer is "it depends". But one really nasty way is criminal identity theft. So you end up with a terrible criminal record for crimes you did not commit. It is bloody hard to clean up police records and convictions.
Post a Comment