Sunday, October 14, 2012

Data Breaches

We've all heard horror stories about commercial entities not taking sufficient steps to safeguard their customers' information. TJX (parent company of TJ Maxx), Hannaford Brothers Supermarkets, TD Bank: all sorts of organizations have been experiencing data breaches (even the Social Security Administration and -- not surprisingly -- the TSA). Many folks in the security field are trying to figure out better ways to protect this information. Believe it or not, this may be one place where the private sector really might be the solution.

Think about this:

Your company, XYZ Bank and Trust, holds confidential information on hundreds of thousands of customers. We're talking names, addresses, bank account numbers and Social Security numbers. You keep all this information on unencrypted tapes because (a) you're lazy, and (b) you don't want to spend a couple of thousand bucks on encryption software. Then, one day, you discover that a tape has vanished between Office A and Office B. Investigation indicates that the manager at Office A asked her teenage son to drop the tape at Office B en route to pick up his girlfriend. Your customers' information is now at risk.

As Karl Malden used to ask, "What will you do? What will you do?"

Here's a nice, easy solution. Fine the business a mere $100.00 for each customer potentially affected. This fine, by law, must come out of owner's or shareholder's equity, not general operating expense (which promptly gets passed right back to the consumers affected by your laziness). The cost of any credit monitoring comes out of owner's or shareholder's equity. Prohibit the bank from raising interest rates charged and from reducing interest paid, for a period of two years. For particularly egregious offenses, double the fines.

Not all that bad, right?

TD Bank managed to expose the information of 267,000 customers. That would be a fine of $26,700,000. Out of the shareholders' pockets. You think the shareholders would make sure that never happened again? Damn straight they would.

You want to really drive the point home? Fines and costs come out of executive compensation. Start with the highest paid official of the corporation, deduct all but $50,000*, and put the withheld funds towards the fines. Do that until all fines and costs have been covered. Maybe hold an extra 50% in escrow, just in case. The execs will make goddamned sure those tapes are constantly monitored.

One more twist, if you're feeling REALLY evil: if any customer's information is misused, post the same information from the executives, including Social Security, and prohibit them from changing Social Security or bank account numbers for six months.

Hit the lazy thieving bastards in the pocketbook, and they'll start paying attention.

* Some of the executives may complain that they can't live on $50,000. Point out that that's a LOT more than many of us make, and welcome them to the 99%. They'll have to sell the BMW, the Rolls, the yacht, and the Montana ranch? Cry me an effin' river, dude.
