Skip to main content
  1. News
  2. Top News

Reporting a data breach may be hazardous to your well-being (part 1)

See also

data breach

Rating:
Star5
Star
Star
Star
Star

What would you do if you discovered thousands of consumer profiles including social security numbers in the trash or floating in cyberspace? In an act to help those affected consumers avoid damage through identity theft, would you report the breach to the data owner that presumably mishandled the information?

Alternatively, would your report your discovery to law enforcement or a regulatory body, such as your state’s privacy office or the office of the attorney general? What about reporting the breach to one of the national watchdog privacy groups? Or would it be better not to get involved?

Our experiences suggest that organizations—private, governmental and not-for-profit are irresponsive to data breach reports from third parties. It raises the question, how many breaches go unreported because there is no one willing to listen to and investigate third party reports?

Under federal laws, financial institutions, as well as many other institutions, are required to follow privacy and security best practices. Best practices include having an employee appointed by top management to oversee the privacy and secure handling of consumer information. Any of the vendors of the institutions that handle consumer information are required to do the same—appoint a privacy or security officer.

Occasionally our office has received faxes or emails from financial institutions containing sensitive financial account and other personal information about customers. For example, our office once received a 30-page mortgage application that was faxed accidentally to our number.

When we contacted the financial institutions by calling the telephone number to report the disclosure of protected information we asked for the privacy or security officer. The person answering the phone did not know how to direct us. It has taken us hours to days to succeed in reporting these violations to the appropriate employee at the financial institution so they can take appropriate action to prevent further disclosure.

Part 2 of this article will discuss a recent data breach involved over 1,600 consumers that applied online for employment through a Wisconsin financial institution’s Website. Although most of the victims were from Wisconsin, the relatively small data breach included job applicants from 20 states and U.S. territories. The example illustrates the challenges third parties face when they discover a breach and decide to report information at risk.

Want to read more Madison Headlines Examiner articles? Then subscribe to receive continuous updates as articles are published. You can also follow Joe Campana on Twitter, Facebook and Linkedin.

Comments

Advertisement

News

  •  Day 17
    Israel continues their ravaging bombardment on Gaza as the conflict wages on
    Video
    Video
  • MH17 victims arrive home
    40 bodies of the MH17 plane crash return to a somber homecoming in Holland
    Top News
  • Military advisers to Ukraine
    President Obama announces the deployment of military advisers to Ukraine
    Politics
  • Bubonic plague in China
    A bubonic plague outbreak in Yumen prompts China to quarantine the city
    World News
  • Air Algierie disappearance
    A flight headed from Burkina Faso to Algeria disappears from radar over Mali
    Headlines
  • Windows Phone training portal
    Microsoft launches Windows Phone training portal in attempt to woo consumers
    Tech