Information Week ran a great cover last month on its March 20, 2006 issue. The cover read "Sorry State of Affairs: Businesses continue to handle personal data with alarming ineptitude. Here's the ugly truth about how it keeps happening--and the costly ramifications." Because of my hiatus, I didn't report on the article when it came out, but it is a keeper because it's a snapshot of the current state of information security as handled by companies (read the article at: The High Cost Of Data Loss).
Hackers and careless package delivery services grab the headlines when sensitive data is lost or pilfered, but often all that's needed to steal an identity are a Web browser and a search engine. Government agencies, educational institutions, and businesses digitize paper records and post them to Web sites but too often don't scrub documents of sensitive information.
No one seems to know how often Social Security numbers and other personal information are carelessly posted on the Web, but government agencies from the Department of Justice to village clerks have slipped up. In December, Information Week reported that certain pages on the Justice Department's Web site included the names and Social Security numbers of people involved in department-related legal actions.
This is a business-culture problem with no real solution other than new laws. Sadly, lawmakers are doing exactly what I predicted long ago. Businesses don't take security seriously, so lawmakers step in. Congress will gather in a room, write down how they think things work (which they really don't know since they are nothing more than popular lawyers), and then talk the legislation into some kind of impotent junk. It will require companies to jump through hoops for reporting that they are protecting their information while creating another government-run, tax-wasting, bureaucratic nightmare. Meanwhile, the identity thieves run around free, leaving havoc in their wake.
You cannot legislate a cultural change. Businesses will do the absolute minimum to comply with the regulatory requirements between audits. The business community should start with schools, conferences, internal training, and policies. That will build a healthy culture. In addition, lawmakers should figure out how to fund law enforcement better so the bad guys get caught more often. Why spend more money on a new regulatory system rather than just helping law enforcement enforce the existing laws? Existing laws already cover the crimes in question. The "sorry state of affairs" is right.