4 replies on “BofA accidentally exposes 1.2 million customer records”

  1. Reminds me of the fun letter I got from USCD earlier this year telling me that my Social had gotten out because the data from applications had been stolen.

    I’d be interested to see proposals for better systems, however. It’s easy to say “the system doesn’t work,” but proposing a solution is much more difficult. Records have to be kept somewhere…

  2. It’s easy to say “the system doesn’t work,” but proposing a solution is much more difficult.

    I don’t see why. The UK and the EU have some interesting and useful data privacy laws. We can also pass stronger versions of what we have for medical records, requiring certain minimum levels of data security and imposing penalties if data gets out. We can require stricter background checks for employees at these sorts of firms who deal with this data. We can do things like we do with FERPA that require that all data be disclosed to you, the owner of the data, upon request, and that you must be notified and must give consent before that data is shared. We can pass legislation such that a Social Security Number cannot be used as an internal identifier outside of the SSA, and that SSN cannot be used as a means of verifying identity, as it isn’t, it is just an identifier, not a password. Consumers should have the right to demand that banks and basically any other company not use their SSN as a record ID. Sure, these things will require time, effort, and expense, but that is not a good reason to not do it. The system we have is a joke. We, the consumers, deserve better. It is our data, not theirs.

  3. I don’t see why.

    (Blockquotes are fun, hope I did ’em right…)

    Maybe I should rephrase my original statement that “proposing a solution is much more difficult”:

    Proposing a solution that “Big Business” and “Corporate America” won’t be able to block with the Congresspeople they’ve got in their pockets is much more difficult.

    Clearly SSNs shouldn’t be used as a form of ID, clearly people should know what data people know about them and who it’s told to — but how do you get leaders of businesses to change practices that “work for them”? Perhaps we’ll just have to wait until a few business leaders get their ident’s stolen…

  4. This article I found from BoingBoing brings up some interesting points.

    It tells about a guy who refuses to show his ID when flying from an airport, and why it’s so dangerous. Not to mention the fact that the “law” mandating showing ID is classified as “Sensitive Security Information” and nobody can see it… Sheesh.
