August 08, 2007
Computers stolen at Yale
The Yale Daily News is reporting on a recent security breach involving theft of two password-protected computers. I'd heard about this a few days ago from an alum, who'd sent me the breach notice letter. Yale's letter to the alum stated that a "computer containing your name and Social Security Number" but not your "financial account numbers" was stolen on July 17th from the Yale College Dean's Office. Yale Police "have very strong reason" to believe that "in such cases, the purchaser of stolen equipment usually moves quickly to erase the hard drive to hide its origin" and, further, that the thief had "no interest" in identity theft.
How exactly do they know this? Actually, I don't see how they can, unless they've already recovered it and conducted forensic research on the hard drive. Even though the letter goes on to advise the recipient to add a fraud alert to his credit reports, the tone of this letter is similar to the attitude taken by pretty much every industry lobbyist in Washington. Here, the industry hordes are lobbying fiercely that any federal breach notice law both preempt stronger state laws and also set a "risk trigger" before notification is required after a breach. It's a patronizing attitude. "Since we know best we believe that we should decide whether the risk of identity theft is high or low before we notify potential victims that we've lost their confidential financial information." Since they do not actually know the risk, the default should be to always notify. Not only does always notifying place potential victims on alert, which will make it easier for them to spot identity theft, an "always notify" requirement will force data collectors to do a better job protecting data in the first place, instead of leaving non-public information on unencrypted machines that are unsecure. Oh, by the way, breaches are happening almost daily, as the Privacy Rights Clearinghouse reports.
Posted by Ed Mierzwinski at August 8, 2007 02:12 PM
Posts
No comments:
Post a Comment