[Dataloss] rant: Useless Compensation for Data Loss Incidents
dmetcalf at mcraemetcalf.com
Wed Jun 11 20:57:36 UTC 2008
I agree, but it is difficult to specify a concrete alternative that a court
could order these companies to provide. The TJX settlement called for
credit monitoring, not because it was perfect, but rather because the
lawyers and plaintiffs' experts could not think of a better alternative that
the court might actually award. Defense lawyers now tell their clients
that, based on this precedent, credit monitoring is all they are liable to
provide. If a better response could be developed and approved by a court in
making a class action award, that would become the new "industry standard."
Any ideas? Should credit monitoring be the standard for incidents like
Hannaford (involving Track 2 data), but require a higher level of protection
for incidents like BNY Mellon of U of U where social security numbers,
medical records or highly personal information is disclosed?
From: dataloss-bounces at attrition.org [mailto:dataloss-bounces at attrition.org]
On Behalf Of MKEVHILL at aol.com
Sent: Wednesday, June 11, 2008 9:02 AM
To: lyger at attrition.org; dataloss at attrition.org
Subject: Re: [Dataloss] rant: Useless Compensation for Data Loss Incidents
Credit monitoring is the cheapest reactive measure, plain and simple. And
without a doubt, its a false sense of security these "careless
organizations" are giving the effected individuals.
Certified Identity Theft Risk Management Specialist
In a message dated 6/11/2008 3:33:05 A.M. Eastern Daylight Time,
lyger at attrition.org writes:
Wed Jun 11 03:38:35 EDT 2008
If you have been the victim of a data loss incident, odds are you have
received a letter from the careless organization that lost your
information. These letters always offer apologies and sincere hope that
your identity or personal information isn't abused. The recent BNY Mellon
incident (which now stands at 4.5 million potential customers affected)
resulted in customers receiving such a letter:
Notice that in return for having your personal information lost, they are
offering free credit monitoring for 12 whole months! This seemingly
generous offer has apparently become the standard business practice for
acceptable compensation when your personal information is treated with
carelessness. BNY opted to go with ConsumerInfo.com's "Triple Alert"
credit monitoring product (despite no mention of that 'product' on the
consumerinfo.com web page), which watches for changes to your credit
reports from the three national credit reporting agencies in the United
States (Experian, Equifax, TransUnion). If you are unlucky and get caught
up in multiple data loss incidents, you may receive this "gracious
compensation" many times over.
First, why is this type of reactive credit monitoring acceptable
compensation? This seems to be another case of one business following
another and... voila, we have an industry 'standard' that does little to
serve the customer but does everything to serve businesses that want to
look caring and "customer-centric" in the media.
Dataloss Mailing List (dataloss at attrition.org)
Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
Vote for your city's best dining and nightlife. City's Best 2008
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dataloss