Boston-based Representative Michael Costello is backing a bill in Massachusetts that would set forth a scheme to hold "commercial entities" (profit or non-profit) to bear financial responsibility when they are robbed of sensitive customer data. This reimbursement proposal only covers bank fees, reissuing fees and reimbursement for fraudulent charges, and this money will be paid to the banks. (Full story - http://news.com.com/2100-7348_3-6161536.html)
I wish I could be excited about this news, but there is still not enough accountability being laid out by this scheme. When we agree to a transaction with a company, we do so on per-transaction basis. Of course, the record of the transaction necessarily requires them to store our data, but for how long? And then, for what purpose? Will some of these companies deny that they resell the information to other companies, or use that information to advertise other commercial holdings they may have to consumers? This is not public-domain information, and the fact that personal information that we give over for purpose of transaction can be used as a commercial advertising tool is a disgusting perversion and intrusion into consumer rights.
I support the Representative from Boston in his ideological push, but I can't support the limited effect of his bill. It's almost sad that we need a written law to compel these "commercial" entities to reimburse reissue costs and fraudulent charges - it was their negligence that led to the theft, it seems painfully obvious whose responsibility it becomes to pay out. The bill should push harder, requiring these companies to restrict storage, access and utility of this information. It should also account for personal damages done to individuals - damage of trust, potential damage to credit history, and other mental damages that many people experience when such vital information is stolen. This is a reiteration of something I've said before - in an age where our social security numbers, credit card numbers, etc. can provide skilled individuals access to our entire history, there need to be proper penalties and compulsion to protect and limit the dissemination of this information. The U.S. government traces credit records to build cases against people supplying money to terrorist fronts and organizations. It then deprives them of basic civil rights while it detains those individuals. This is dark reality, and as ID continues, it becomes a clear that people will be falsely accused and detained.
There need to be harsher penalties and compelling rules to force "commercial" entities to restrict their use and storage of this sensitive data. I appluad these beginning efforts, although they come a little late in the game, but also reproach the bill's weak language. The information being lost is not the bank's. It belongs to the individuals who place trust in the security of these companies, and in the strength and security of this economy. Such weak legislation acts as a simple slap on the wrist, and the real victims remain shadowed by the dealings of large private financial institutions.
No comments:
Post a Comment