Editor's Note: Data Protection Isn't Optional - InformationWeek
Business & Finance
07:15 PM
Stephanie Stahl
Stephanie Stahl

Editor's Note: Data Protection Isn't Optional

It's tax season. For the past few months or weeks, you've probably been sharing lots of personal financial information with your accountant or financial planner or you're doing your own taxes and filing online to the IRS. But maybe you're feeling a bit antsy with all the data-security breaches in the news, and you call your accounting firm to check their privacy and security policies. "Hi, may I speak to your compliance officer?" you ask. "Who?" the receptionist responds. "Your compliance officer. The person in charge of making sure the firm is in tune with the Gramm-Leach-Bliley Act." The receptionist responds, "Oh, yeah, that's the new hip-hop band my teenagers are listening to, right? Sorry, I don't know anyone here who knows anything about that band, but if you need some extra W2s I can send them to you." "No, I'm talking about customer privacy," you say. "Oh, yes, we have a privacy policy that we send to all our customers, and we post it on our Web site," the receptionist says. "Yes, I'm aware of that, but does the firm secure my personal data? The privacy policy is no good if it isn't enforced. Is there a compliance officer I can speak with? You have a compliance officer, right?" "Uh, let me get back to you on that," the receptionist responds.

The problems going on with ChoicePoint and Bank of America are just the tip of the iceberg if you ask Robert Chastain, general counsel of Ceeva Inc., whom I spoke with last week. His firm, a systems integrator and compliance auditor, was hired last year by a nonprofit group to do surveys assessing compliance with the federal law designed to protect consumers from identity theft. (CPA firms, tax preparers, and similar businesses all must comply, regardless of their size.)

"We found 90% noncompliance in every industry we surveyed," he said. "One large regional investment firm we surveyed used 'Password' for the password on every computer in the office. So you have as much to fear from your own accountant or investment adviser as you do from ChoicePoint."

Here are other good questions posed by Ken Casey, senior VP of retail banking at ATB Financial (see story, "Data In Peril"). "Are we doing anything that could compromise the security of customer data? What steps have we taken, and is there anything else we can do?"

Stephanie Stahl,
Editor-in-chief sstahl@cmp.com

To discuss this column with other readers, please visit Stephanie Stahl's forum on the Listening Post.

To find out more about Stephanie Stahl, please visit her page on the Listening Post

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll