Business & Finance
Commentary
3/4/2005
07:15 PM
Stephanie Stahl
Stephanie Stahl
Commentary
50%
50%

Editor's Note: Data Protection Isn't Optional

It's tax season. For the past few months or weeks, you've probably been sharing lots of personal financial information with your accountant or financial planner or you're doing your own taxes and filing online to the IRS. But maybe you're feeling a bit antsy with all the data-security breaches in the news, and you call your accounting firm to check their privacy and security policies. "Hi, may I speak to your compliance officer?" you ask. "Who?" the receptionist responds. "Your compliance officer. The person in charge of making sure the firm is in tune with the Gramm-Leach-Bliley Act." The receptionist responds, "Oh, yeah, that's the new hip-hop band my teenagers are listening to, right? Sorry, I don't know anyone here who knows anything about that band, but if you need some extra W2s I can send them to you." "No, I'm talking about customer privacy," you say. "Oh, yes, we have a privacy policy that we send to all our customers, and we post it on our Web site," the receptionist says. "Yes, I'm aware of that, but does the firm secure my personal data? The privacy policy is no good if it isn't enforced. Is there a compliance officer I can speak with? You have a compliance officer, right?" "Uh, let me get back to you on that," the receptionist responds.

The problems going on with ChoicePoint and Bank of America are just the tip of the iceberg if you ask Robert Chastain, general counsel of Ceeva Inc., whom I spoke with last week. His firm, a systems integrator and compliance auditor, was hired last year by a nonprofit group to do surveys assessing compliance with the federal law designed to protect consumers from identity theft. (CPA firms, tax preparers, and similar businesses all must comply, regardless of their size.)

"We found 90% noncompliance in every industry we surveyed," he said. "One large regional investment firm we surveyed used 'Password' for the password on every computer in the office. So you have as much to fear from your own accountant or investment adviser as you do from ChoicePoint."

Here are other good questions posed by Ken Casey, senior VP of retail banking at ATB Financial (see story, "Data In Peril"). "Are we doing anything that could compromise the security of customer data? What steps have we taken, and is there anything else we can do?"

Stephanie Stahl,
Editor-in-chief sstahl@cmp.com


To discuss this column with other readers, please visit Stephanie Stahl's forum on the Listening Post.

To find out more about Stephanie Stahl, please visit her page on the Listening Post

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.