The other day I received yet another email from some company with a service I use online that told me that they have been compromised. They say that they are not aware of any evidence that my particular personal information was stolen or misused. They’ve suggested I reset my password and verify my account details. This doesn’t mean my information is safe. It’s probably out there now being typed onto multiple new credit card applications right now. They haven’t been the only one and there will be many others. That is of course not counting the companies that actually fessed up to their negligence.
Should companies be responsible for the safety of the personal information they keep on you? They ask for so much: name, address, SSN, mother’s maiden name, credit card number, high school mascot, etc. That’s all quite personal, isn’t it? What is the penalty if they don’t keep that information safe? If they know they have been compromised, shouldn’t they have to compensate me for not keeping my personal information safe? I know there are information thieves out there and they should be punished, but who holds these companies to a minimum security standard? Do you even know what they do, if anything, to keep your data safe?
Is the burden of proof on them or me? How would I prove it? They could just as easily say some other company’s negligence is responsible. So they can walk around with my personal information with an open door policy for anyone that can access it. What is their cost for lax security? Unless they are a banking or security company, at most it’s a temporary lack of consumer confidence. This is the Internet age. Once your information is out there, it’s out there…forever. I don’t want them to have it anymore, but what choice do I have? Some companies are even forcing me into two-factor authentication like I want to put all that power into the hands of the person that steals my phone. Remember when a username and password was enough?