Posted by: Beth Cohen
business responsibility, Consumer IT technology, Identity theft, IT security, Security
Question: With all the rampant fraud and identity theft on the Internet, why are consumers responsible for protecting their data when they have so little control?
The assumption is that if data is compromised or one’s identity stolen it is somehow the victim’s fault. The picture is painted that we are responsible for managing our own security. To a certain extent that is true and we should, as responsible citizens, practice basic network security hygiene. Yet, we are constantly barraged with advice telling us to install data protection software, invent complex passwords, change them often and monitor our financial activities. Is it really our fault when the system lets us down and our money is stolen, our identity compromised or our computers are hacked?
I would argue that the reality is far different. We as consumers do not have much control over the security of our data or how secure our computer’s operating systems are. Even if we pay for everything in cash, if we have a bank account, we are open to fraud. One of my students recently pointed out that the Internet can be thought of as a giant recording device. Everything that is ever posted to the net is still out there to be found and possibly used for nefarious purposes. Once our money enters the global financial system we have little or no say over who touches the information and what they do with it.
The average computer user should not be required to be a sophisticated network security professional to use the Internet services. Consumer protection laws were originally put in place back in the early/mid 20th century because we came to realize that if we purchased something that wasn’t what we thought it was, it was not because we weren’t smart shoppers, it was because the buyer/seller relationship was too skewed towards the sellers and not enough power was in the hands of the buyers to make informed decisions.
It is time that we come to the understanding that the Internet is entering a similar phase in its market maturity. Companies need to regain or maintain consumer trust. As good corporate citizens, it is our responsibility to make sure to implement proper security measures to protect customers’ data. The recent spate of laws in Massachusetts, the European Union and other places that are designed put the responsibility for the protection of personally identifiable data on the companies that are holding it is a step in the right direction.
About the Author
Beth Cohen, Luth Computer Specialists, Inc.