LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: The Ramifications of a Security Breach \| InfoLawGroup
From:	Larry Medina <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Tue, 19 Nov 2013 10:19:27 -0800
Content-Type:	text/plain
Parts/Attachments:	text/plain (94 lines)

On Mon, Nov 18, 2013 at 7:57 PM, PeterK <[log in to unmask]> wrote:

> The Ramifications of a Security Breach | InfoLawGroup
> An online survey of 2,061 U.S. adults ages 18 and older was conducted by
> Harris Interactive in August of this year and the results are surprising.
> Nearly two thirds of the participants indicated that they would not return
> to a business where their personal information was stolen.  For specific
> types of businesses:
>
> Source:
>
> http://www.infolawgroup.com/2013/11/articles/information-security/the-ramifications-of-a-security-breach-new-study-finds-that-two-thirds-of-u-s-adults-would-not-return-to-a-business-where-their-personal-information-was-stolen/
>

This one was sort of interesting, but it gave data that lacked further
explanation.  For example, one comment/data point was:

55 percent would change banks

I guess I'm wondering if they meant the bank was DIRECTLY RESPONSIBLE for
the exposure or the data loss, or if their information had been exposed
while they were a customer of that bank, through some vendor.  Over the
years, I don't think many of us have been immune to SOME FORM of identity
theft and in many cases, it involves a debit or credit card used SOMEWHERE.

One of my daughters had hers stolen from using a credit/debit card at a gas
station;  the other from using a credit/debit card for an online purchase.
My debit card was hijacked at a restaurant that I've visited for over 30
years.

One daughter had both her checking and savings account cleaned out of $2700
COMPLETELY within 5 hours; the other lost $500 in 3 hours before the bank
contacted her.  Mine was used to buy 8 cartons of cigarettes, fill two gas
tanks, 6 bottles of booze, 2 cases of beer, and a laptop computer and
printer from Best Buy by placing an order online and picking it up without
EVER HAVING TO PROVIDE a credit card or ID !! A whopping $4300 before I got
a call... and this was when my Mom was in the hospital on her deathbed.

BUT... in ALL three of these cases, we got 100% of our money back, and it
happened within 24 hours of report/notification.  It actually took longer
to get new cards issued than anything else.  And no, we didn't have any
special coverage... but this was a bank that I've been with since 1973, and
both girls have had accounts with since birth.

My point is... if you have a solid "relationship" with a financial
institution, it doesn't make logical sense to take a knee-jerk reaction and
"change banks" because of an incident UNLESS they didn't deal with it
properly.

Similarly I found these comments/data points interesting:

– 42 percent would go to a different drug store/pharmacy
– 40 percent would get a new doctor or dentist
– 35 percent would not return to their hospital

With many insurance plans now, you're "locked into" a medical group or
practice once you join, and the pharmacy you use may also be associated
with the provider as your sole option.  Ditto the hospital- physicians are
aligned with specific hospitals, so what then?  You may be able shift after
the new year's open enrollment, but unless you want to pay all costs out of
pocket... there aren't a lot of options.

I think it's more important to understand the information privacy practices
your aligned service providers adhere to when you START an arrangement with
them instead of making a decision to shift after your data is exposed.
Every one of the above service providers I've been involved with provide
copies of their privacy and information protection practices on initial
engagement and once a year after that... and if you read these, few of them
do not accept responsibility for protecting your information from
exposure.

More to the point, given what those of us reading this do for a living, we
have the ability to offer even GREATER protection to these providers...
especially those who store information (in physical or electronic formats)
offsite with third party providers.  Let them know about "Business
Associates Agreements" and suggest that they REQUEST ONE if they don't have
one!  This provides one additional layer of protection for you and them in
the event information is exposed while in the control of a third party,
whether in transit or in storage.

Larry
[log in to unmask]

-- 

*Lawrence J. Medina Danville, CARIM Professional since 1972*

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US