A Data Bill Of Rights - InformationWeek

Commentary
6/6/2006
07:29 PM
Patricia Keefe

A Data Bill Of Rights

One of the biggest obstacles to fighting cybercrime is the corporations themselves. Never mind that many still don't heed the advice of their IT departments and make the appropriate investments in security. Once a crime occurs--be it hacking, identity theft, stolen equipment, or logic bombs--these same companies notoriously tend to bury their heads--and the news--in the sand. Many don't tell the cops, they don't tell their partners, and they especially don't tell their victimized customers, employees, alumni, or applicants. They keep it very quiet for as long as they can.

The excuses are always the same: It costs too much to notify people, they don't want the bad publicity, or as in the recent Hotels.com breach, a couple of months are needed to figure out what was lost on their auditor's laptop. (Don't these companies back up their systems? Don't they know what their employees have access to?)

Companies that allow employees to flout their security policies--or worse, that fail to enact basic or reasonable safeguards to deter cybercrimes--deserve every speck of bad publicity they get.

If a company is stupid enough to snail mail unencrypted drives containing sensitive data, or apathetic enough to routinely allow employees to bring home laptops stuffed with sensitive data, or unwilling to test their own system security, or commits any of a dozen more breaches of common sense, then a little time spent squirming under the harsh glare of the spotlight might be just the ticket.

Which is why I was glad to see a judge reject UBS Wealth Management USA's transparent attempt to bar reporters yesterday from covering the trial of a disgruntled employee who allegedly brought down two-thirds of its network.

To the credit of UBS Wealth Management (PaineWebber to most of us), it did call in the Secret Service after a forensic team spent a couple of weeks working on the problem and it became obvious that deliberate sabotage was involved. And it's working with law enforcement officials.

But there will be other similar trials where companies with sloppier security procedures will try to prosecute, but from behind a curtain. Judges shouldn't let that happen.

We should also be pressing for more immediate information when these breaches occur, and for companies to do right by all potential victims. In fact, since we're in an age when A) more and more data is being collected by more and more entities--including the government--and shared with God knows who, and B) data theft is accelerating, what we really need are two things:

- A uniform bill of consumer data rights that covers what kinds of data can be collected, who it can be shared with, what permissions are needed, and how long and where this data can be stored. This needs to be written in plain and simple English in readable type, and it needs to be accompanied by a reasonable, standard system in which consumers can quickly redress errors in their data.

- A uniform agreement on best practices for companies and law enforcement to follow in the event of a data breach. When should alerts go out to the cops and customers? What kinds of follow-up services are reasonable? Who gets notified exactly from among a list of stolen data? What are customers owed?

Of course, we need to have some basic levels of security in place, too, but as it has become all too painfully obvious, we aren't there yet. So we'd better get to work fast on figuring out the best way to deal with the increasingly ugly aftermath.
