Loose Cannon: Federal Feet in the Data Industry’s Shoes
It must have been quite the Memorial Day for the 26.5 million veterans whose personnel files were stolen as a result of a government employee’s negligence. Nothing makes beer and hot dogs go down smoother than the prospect of having to spend months, and thousands of dollars, trying to clear up one’s credit history.
Last year’s Congressional data theft hearings set expectations for what some members view as the steps private firms should take to correct data breaches. Yes, the Department of Veterans’ Affairs will spend $25 million notifying veterans via traditional mail and telephone. But will it provide the level of credit monitoring and other restitution members of Congress had previously demanded of private companies that experienced similar breaches?
During one March 2005 hearing, Rep. Ed Markey (D-MA) demanded that companies provide several years of credit watch services. In fact, he tried to nail down a promise from ChoicePoint CEO Derek V. Smith for multiple years’ credit monitoring.
“My concern is, what happens after one year?” Markey asked back then, after Smith mentioned his company would offer one year’s worth of these services. “My constituents who have written to me, who have been victimized by ChoicePoint’s privacy breach, are very concerned about the one-year time limit. They are afraid that these bandits will just wait one year and then use all of this information that will bring them great problems.”
Markey went on to request lifetime monitoring service and instant e-mail and postal alerts for each and every consumer who had “been victimized as a result of ChoicePoint’s negligence.” Well, 26.5 million former employees of the U.S. government have been similarly victimized through its negligence. Where is Markey’s outrage now?
Perhaps the government will try to hide behind the contention that, while the stolen data did include the names and birth dates of the vets, as well as Social Security numbers for 19.6 million of them, it did not contain any health records or “explicit financial information,” according to The Washington Post.
That shouldn’t be enough to satisfy Senator Charles Schumer (D-NY), who railed at Federal Trade Commission chair Deborah Platt Majoras during Senate data privacy hearings last year. To her credit, Majoras made the distinction between information collected by marketers for cross- and upselling purposes, and personally identifiable information such as that contained in the lost veterans’ files.
But Schumer was more concerned about expanding existing rules to pull companies such as ChoicePoint under the FTC’s jurisdiction.
Perhaps the Department of Veterans’ Affairs should fall under the Commission’s jurisdiction, too. Or perhaps the government, now similarly responsible for compromising consumer data, should re-examine its attitude toward the information industry.
Welcome to our shoes, my federal friends. Hope the mile-long walk doesn’t raise too many blisters.
To respond to the opinions in this column, please contact e-mail: [email protected]
