Retailers, Banks Trade Blame in Data Thefts
The Washington Post today ran a story I wrote about data breach legislation being crafted on Capitol Hill. Lawmakers are looking to respond to the almost daily disclosures of companies, schools and government agencies suffering data breaches or otherwise exploiting consumers' personal data. Since February 2005, when data mining giant ChoicePoint divulged that it had sold data on 145,000 consumers to criminals, there have been more than 100 million instances in which Americans have had their personal data compromised due to data breaches and mishaps, according to Privacy Rights Clearinghouse.
It's difficult to find a policy issue that's more timely than data privacy and security. Based on my recent interviews, it is clear that this issue is shaping up to be a slugfest between the retail industry and small banks.
A recent high-profile data breach at TJX, the Massachusetts-based parent of discount retailers TJ Maxx and Marshalls, happened in the backyard of House Financial Services Committee Chairman Barney Frank (D-Mass.). According to Frank, retailers like TJX are not doing enough to protect their customers' data (TJX said hackers had broken into its credit and debit card processing network for six months last year and in a separate period in 2003). Frank wants retailers to bear more of the costs that banks incur when canceling new accounts, issuing new cards and dealing with the fallout from angry and confused customers. I suspect that his argument is likely to resonate strongly with many consumers.
Retailers tell a different story. Mallory Duncan, senior vice president of the National Retail Federation, sums up their point of view: "Most of the larger banks have very sophisticated, round-the-clock fraud monitoring systems in place, but a lot of the smaller institutions don't have those systems," he said. "These institutions have abdicated their responsibilities in this regard, and now they want retailers to pay for it."
The rest of the story is here. Security Fix will be keeping a close eye on this key issue. I will be moderating a panel on possible legislative solutions to data privacy and breach problems at the RSA Security conference in San Francisco next Tuesday. If you're heading out there as well, please drop by the panel to join in the conversation; I plan to leave plenty of time for Q&A.