CONSUMER WATCH: Localities put private data in harm's way
Times Dispatch September 18, 2005
Reader Robert Regnier of Richmond refinanced his home in February. Immediately, he was inundated with at least a dozen offers for better mortgage rates and inquiries about selling his property. Puzzled, he began calling around and soon traced the release of his mortgage information to the Henrico Circuit Court Clerk's Office. What bothered him was the magnitude of personal information that anybody, including identity thieves, could see and use to solicit, steal, sell or legitimately use just by walking into the clerk's office or -- for several Virginia counties -- simply sitting at home reading them on the Internet.
The Chapell View
Every so often I see another spate of press stories describing the data that the Government makes available to just about anyone who wants it. Of course, the problem is that, for the most part, the only people who seem to want this data are the evil doers of the world and the data brokers.
As an aside, some might argue that there's little distinction between "evil doer" and "data broker." I prefer to view the latter as the poster children for another unregulated industry that is screaming for the Government to step in. And while they may have inadvertently been given a stay of execution as a result of the tragedies in the Gulf Coast, the Supreme Court nominations, and the great Spyware/Adware/Cookie debate, my advice to them is that the direct marketing industry would be much better of if they embraced change on this issue. OK, enough with the lecture. (But damn, if I hear another old school direct marketer tell me that the problem isn't with them, it's with everyone else...oiy!)
What makes this story a bit more interesting is that it falls nearly in the wake of the data breach scandals of the past year, and the response of several State Governments led by California to require businesses to disclose their data breaches. There's also some discussion at the state and Federal level about setting up rules around data breach, and regulating the transfer of data.
Of course, the trouble with choking off data flow is that it tends to be contrary to the concept of a free society. And since none of us seem to want to live under an EU privacy regime, then what's a privacy conscious American to do?
Perhaps the answer lay in limiting the flow of information to those who really need it. Of course that assumes that one could determine who really needs it. The minute I started my company I started getting all kinds of offers for credit cards, insurance, office supplies, Etc. I even got an offer for 100 American Flag pens with the Chapell Associates name and address on it. The things look hideous. I was thinking about giving them out at the next IAPP conference so we can find out whether or not pens given out in Vegas really stay in Vegas.
But even if we were able to figure out who really needed that information, how would we go about authenticating these people? Is the Roanoke County Clerk going to have the bandwidth to make such a determination?
Reader Robert Regnier of Richmond refinanced his home in February. Immediately, he was inundated with at least a dozen offers for better mortgage rates and inquiries about selling his property. Puzzled, he began calling around and soon traced the release of his mortgage information to the Henrico Circuit Court Clerk's Office. What bothered him was the magnitude of personal information that anybody, including identity thieves, could see and use to solicit, steal, sell or legitimately use just by walking into the clerk's office or -- for several Virginia counties -- simply sitting at home reading them on the Internet.
The Chapell View
Every so often I see another spate of press stories describing the data that the Government makes available to just about anyone who wants it. Of course, the problem is that, for the most part, the only people who seem to want this data are the evil doers of the world and the data brokers.
As an aside, some might argue that there's little distinction between "evil doer" and "data broker." I prefer to view the latter as the poster children for another unregulated industry that is screaming for the Government to step in. And while they may have inadvertently been given a stay of execution as a result of the tragedies in the Gulf Coast, the Supreme Court nominations, and the great Spyware/Adware/Cookie debate, my advice to them is that the direct marketing industry would be much better of if they embraced change on this issue. OK, enough with the lecture. (But damn, if I hear another old school direct marketer tell me that the problem isn't with them, it's with everyone else...oiy!)
What makes this story a bit more interesting is that it falls nearly in the wake of the data breach scandals of the past year, and the response of several State Governments led by California to require businesses to disclose their data breaches. There's also some discussion at the state and Federal level about setting up rules around data breach, and regulating the transfer of data.
Of course, the trouble with choking off data flow is that it tends to be contrary to the concept of a free society. And since none of us seem to want to live under an EU privacy regime, then what's a privacy conscious American to do?
Perhaps the answer lay in limiting the flow of information to those who really need it. Of course that assumes that one could determine who really needs it. The minute I started my company I started getting all kinds of offers for credit cards, insurance, office supplies, Etc. I even got an offer for 100 American Flag pens with the Chapell Associates name and address on it. The things look hideous. I was thinking about giving them out at the next IAPP conference so we can find out whether or not pens given out in Vegas really stay in Vegas.
But even if we were able to figure out who really needed that information, how would we go about authenticating these people? Is the Roanoke County Clerk going to have the bandwidth to make such a determination?