<By the way, for those who are concerned, have you noted that there is
public information, available on the web, that sometimes includes social
security numbers?.... That would include court record filings
(especially in the case of child support orders), and property record
transactions, where those preparing the documents have sometimes
included SSN's?>
And yet the U.S. Privacy Act and many state Acts have been revised to
prevent this. As RIM practioners we have to make sure our organizations
are in compliance with any data protection or personal privacy laws and
regulations AND as citizens we have to make sure our personal
information is handled in accordance with the laws and regulations.
Ginny Jones
(Virginia A. Jones, CRM)
Records Manager
Information Technology Division
Newport News Dept. of Public Utilities
Newport News, VA
[log in to unmask]
-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On
Behalf Of Allen, Doug
Sent: Monday, May 09, 2005 11:49 AM
To: [log in to unmask]
Subject: Re: Accountability from those who handle financial records
The privacy issues and notification issues indicate a couple things to
me, including the following:
(1) This is an obvious area where there will need to be additional law
enforcement resources applied, and...
(2) It would make sense for those of us who are on this list, and thus
better informed than many others to take steps to secure our own
credit....
There are services that can help us, and there are steps that we can
each take with credit reporting organizations to ensure that we not
become "victims".
As much as I might like to place the blame on the organizations charged
with protecting this information.....and, certainly they can now do a
better job..... Protecting my credit remains fundamentally my
responsibility.
By the way, for those who are concerned, have you noted that there is
public information, available on the web, that sometimes includes social
security numbers?.... That would include court record filings
(especially in the case of child support orders), and property record
transactions, where those preparing the documents have sometimes
included SSN's?
Douglas P. Allen, CRM, CDIA+
-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On
Behalf Of Hugh Smith
Sent: Monday, May 09, 2005 10:37 AM
To: [log in to unmask]
Subject: Re: Accountability from those who handle financial records
On May 8, 2005, at 12:03 AM, Automatic digest processor wrote:
> Sorry Hugh but several of these were asked by law enforcement agencies
> to NOT reveal the breach. California Cyber Security requires companies
> to reveal security breaches immediately UNLESS law enforcement says
> don't
>
> pak
> --
> Peter Kurilecz
> Richmond, Va
>
.............and, in the meantime, the interests of the citizen are
trampled. Our credit information is exposed and we are left in the
dark.
The cyber thief or those who specialize in Identity Theft is given
exactly what he or she wants, which is time to pilfer accounts or create
identities with no awareness by the individual that such a theft of
their information is made known.
If the information contained is about my family and your family, then we
should be made aware at the same time the bank is aware. Whether they
announce it in the newspaper or CNN is another issue. If someone breaks
into your house, and steals my car out of your garage, shouldn't the
police notify both of us? We are both victims.
The question is: who is really the owner of the information? If they
have my SSN, my bank account information, my credit card information and
that information can hurt me then I should be made aware. Especially
since the banks pushed through legislation about bankruptcy, any risk
exposure they create is now even more dangerous.
But if these thefts can be hidden from the victims by law enforcement,
does this create more or less liability for the bank? Can they hide
behind the "We couldn't tell you of your exposure because the police (or
FBI) asked us not to." I think a responsible Bank would have said "We
have a responsibility to our depositors and credit card holders to alert
them to their exposure."
This is why I bank with a locally owned bank. If something would
happen, my personal bank officer would call me and alert me to the risk.
They would not view this the same way a big conglomerate would. They
would look at the effect this would have on their local businesses and
neighbors.
So again, it is about Accountability from those who handle our financial
records. Failure to disclose to their clients for so many weeks is an
error in judgment in my opinion.
It is ironic that we worry so much about the Patriot Act violating our
personal rights by gathering information about us without our consent
but myriad banks have financial information on us.
Choice Point and many other credit reporting companies may have our
financial information and we have never given them permission to gather
and accumulate it. And if they lose it, they along with the police may
decide we don't have a right to reasonable notification to act to
protect ourselves.
> Sorry Hugh
I am really sorry that this legislation was written with a caveat that
helps protect the bank while it tramples on our rights.
Hugh Smith
FIRELOCK Fireproof Modular Vaults
[log in to unmask]
(610) 756-4440 Fax (610) 756-4134
WWW.FIRELOCK.COM
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
|
