…Cheaper than Protecting Customers by Updating Integrity of Software
Theresa Schoen
February 16, 2020
I am fed up with companies “accidentally” experiencing data breaches and buying consumers off with a year or two of free identity monitoring.
The fact is that companies have found it to be cheaper to pay for identity monitoring than to update the security of their software and actually protect their customers (and themselves).
It is outrageous that Equifax could be in this huge group. I have no direct relationship with this company, yet they have significant data about me and have put me at risk forever, as most of this personal information will be of value to the purchasers as long as I live and beyond.
I suggest that laws be put into place to:
- Require companies who suspect a data breach to notify all those affected within seven (7) days.
- Punish companies with fines that are significant enough that forgiveness afterward is no longer the cheaper way of doing business; such that companies become so fearful of paying huge fines to federal agencies and to their customers that they become proactive in maintaining the integrity of their software.
- Require companies that experience data breaches to pay for lifetime credit monitoring with all 3 credit bureaus (TransUnion, Experian and Equifax) for all persons affected.
Maybe if the cost of the penalties exceeds the costs of the crimes, companies will change how they do business. The cost to consumers is a lifetime risk and does not disappear after a year or two.
I have lost track of how many companies disclosed my information, but they include:
- a former employer
- Yahoo
- Equifax
- eBay
This morning I received an email from Transformco, who informed me they purchased a number of Sears brands, took control of their records, and decided to excuse themselves from being sued for data breaches. I hope the following is proved to be indefensible and not legal. In their Privacy Policy dated January 29, 2020 they state:
Is My Information Secure?
We maintain reasonable and appropriate physical, electronic and procedural safeguards to protect your PII. While we work very hard to protect your privacy, no method of security is 100% effective, and we cannot be responsible for the actions of those who may gain unauthorized access to your PII. Transformco makes no warranties, express, implied or otherwise, as to the ultimate effectiveness of its reasonable and appropriate safeguards.
https://transformco.com/privacy#_Toc31123879 (emphasis is mine)
It is time we stop excusing breaches as accidental, and see them for what they are: a way of doing business.
We need federal policies in place to make data breaches the exception, rather than the rule, and an agency that serves as a resource for consumers.
https://patch.com/connecticut/madison-ct/data-breaches-are-cost-doing-business