Another day, another example of consumer credit card information falling into the wrong hands:

Thousands of Hotels.com customers may be at risk for credit card fraud after a laptop computer containing their personal information was stolen from an auditor, a company spokesman said Saturday.

Meanwhile, the Federal Trade Commission is warning veterans to be on the lookout for scammers now that the personal information of 26 million veterans has been stolen from the Department of Veterans Affairs:

The Federal Trade Commission is cautioning veterans to be extra careful of scams following the recent data breach at the Department of Veterans’ Affairs (VA). In the past, fraudsters have used events like this to try to scam people into divulging their personal information by e-mail and over the phone.

As a survey I conducted for the Cyber Security Industry Association demonstrates, half of American adults have already heard news stories about the compromise of personal information (above graph). And only 18 percent believe of voters believe that existing laws are enough to protect consumer privacy. If the bills floating through Congress are any indication, politicians are getting the message - but only part of it.

For example, the bill sponsored by U.S. Rep. Steven LaTourette, R-Ohio, would establish federal standards that allow a company to determine whether someone is at risk of identity theft and whether that person should be notified. In other words, if a company loses a laptop full of consumer credit card info, the company would be under no specific obligation to inform those consumers about the loss. It would be up to the company, applying standards set by the government, to decide whether to tell their consumers.

My home state, California, has a different view of the issue. If the company loses personal data, it has to inform those people affected. Simple as that. Not surprisingly, my survey shows that voters like the California law better, even if it means they will get unneeded notices and pay higher prices. Still, the businesses who would have to admit when they lost the data will not go down without a fight and they know how to play the game: according to the Center for Responsive Politics, the Consumer Data Industry Association spent $3.2 million on federal lobbying between 1997 and 2004.

However, when that kind of money is getting spent to do the wrong thing, it only creates a political opportunity to do the right thing. As the public becomes more aware of the data security issue through news stories like the veterans info theft (and the clever Citi ads pictured above), politicians will recognize that there is an advantage in tying their opponents to the quid of contributions from big data merchants and the quo of votes against legislation requiring that the public be informed that their data has been compromised.

Senator Bill Nelson of Florida was recently reported to have complained to Senator Bill Frist about the delay in passing data security legislation. Nelson told Frist that 130,000 Americans had become victims of identity theft in the six months that had passed since Nelson’s committee had moved on the legislation. As Nelson was quoted saying in May, “‘If we don’t do something soon, none of us is going to have any privacy left.”

If voters are feeling like they have no privacy left come November, they will let their representatives know about it at the ballot box.

This entry was posted on Sunday, June 4th, 2006 at 12:02 pm and is filed under Blog, CSIA, Connectedness, My Clients. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.