Corante

Home > Weblog Columns > Customer Intelligence

Customer Intelligence

Monthly Archives

« April 2005 | Main | June 2005 »

May 15, 2005

Data Debacle

Email This Entry

Posted by Britton

While I certainly don't think the current customer data frauds and follies are any excuse to stop collecting it, I think there is a real danger that this could be the result if companies don't start managing it more responsibly.

According to a recent piece in Fortune Magazine, it will take more than IT security spending alone to address the problem. "Secure information typically walks out the door in one of three ways: hackers grab it, employees steal it, or companies lose it—through incompetence, poor gatekeeping, bad procedures, or some combination of the three. High tech allows the data to be captured, but tech isn't always the way it escapes."

One data debacle that the magazine looks into takes place at Bank of America. Last December, bank employees "packed up and sent to its backup data center tapes containing information on government workers enrolled in a charge-card account. Or at least, that's where they were supposed to go. The tapes—none of which were encrypted—shipped via commercial air. But just after New Year's, bank officials realized that the tapes had never arrived. They scrambled to see what might be lost. It wasn't pretty: more than a million names, addresses, account numbers, and Social Security numbers."

In early January, the bank called the Secret Service, which has jurisdiction over such problems. "Account holders had no idea that their information might be on the loose. Bank of America says the Secret Service asked it to keep quiet while it investigated. The bank kept monitoring the accounts, looking for any funny business, but found none—and still hasn't, it says. In mid-February the bank finally went public, promising that it had changed its ways (backup tapes no longer go by commercial air, for instance) and offering free credit reports and fraud monitoring to affected consumers."

While Bank of America apparently got lucky this time, security experts are now shaking their heads in disbelief. "The Bank of America incident was absolute stupidity," says Jim Stickley, the CTO of TraceSecurity, a threat-management company based in Baton Rouge, LA.

The real threat here is the backlash that inane behavior such as this could very well bring to life. We won't be any better off if customer data is no longer legally collectable, but that's the outcome if "absolute stupidity" remains an industry standard.

Comments (0) + TrackBacks (0) | Category: