Editor's Note: Let Punishment Fit The Crime - InformationWeek
IoT
IoT
News
Commentary
2/25/2005
06:20 PM
Stephanie Stahl
Stephanie Stahl
Commentary
50%
50%
RELATED EVENTS
The Real Impact of a Data Security Breach
Aug 02, 2017
In this webcast, experts discuss the real losses associated with a breach, both in the data center ...Read More>>

Editor's Note: Let Punishment Fit The Crime

As you probably know, there aren't a lot of guarantees in life. But I have a few that I thought I'd share. If there are a zillion smart, innovative, and responsible uses for a technology, there are half as many stupid people who will abuse it (think child porn, software viruses, identity theft). If there are many responsible companies with smart privacy policies, there will be many others that are too lax about theirs. If people abuse technology for illegal or harmful purposes, they probably won't get the punishment they deserve (this is a probability, not a guarantee, but I fear if the trend doesn't change quickly, it will become a guarantee).

Let's start with ChoicePoint. Its privacy statement says it's "dedicated to protecting the privacy of individuals," which includes "strict standards regarding the use and dissemination of personal information." That sounds good. But somehow, identity thieves were able to set up 50 fake businesses and gain access to 145,000 customer data profiles. California law required the company to alert consumers about a potential breach, which is exactly the right thing to do. But it has opened up debate over whether laws in other states need to be more stringent. Regardless of what you think about that, here's what irks me: A company spokesman said, "We're being much more stringent in our requirements about who customers are and making them prove they're a legitimate business." Now, if you're dishing out personal information about consumers, wouldn't you think that providing it only to legitimate businesses would be top of mind? Wouldn't you seek that proof? Wouldn't you verify it?

Here's something that irks me even more. One of the participants in the scheme was sentenced to a measly 16 months in prison. It could take years for people whose identities have been stolen to clean up their financial records, and this guy gets less than a year and a half? "Surely this must be some kind of a joke," wrote reader Mike McCreery. "Shame on us as a society for allowing these people to steal this amount of personal data and then just give them a little slap on the wrist. Where is the justice when it comes to IT crimes?"

Good question.

Stephanie Stahl
Editor-in-chief
sstahl@cmp.com


To discuss this column with other readers, please visit Stephanie Stahl's forum on the Listening Post.

To find out more about Stephanie Stahl, please visit her page on the Listening Post.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll