Déjà vu. All over again. And again. Yet another data security break, as if the scores of breaches announced earlier weren’t already enough. A short while ago, I posted about a tally of the security breaches indicating that the personal data of over 5 million people had been leaked or improperly accessed. Now this, from the AP [link no longer available]:
CitiFinancial, the consumer finance division of Citigroup Inc., said Monday it has begun notifying some 3.9 million U.S. customers that computer tapes containing information about their accounts — including Social Security numbers and payment histories — have been lost.
Citigroup, which is based in New York, said the tapes were lost by the courier UPS Inc. in transit to a credit bureau.
That puts the tally at over 8 million people. Something is seriously wrong with the way personal data is maintained and used. Back in 2004, I wrote in my book: “Companies collect and maintain our information; they often use it for a myriad of new purposes; and they are frequently careless about the security of our data.” It would be nice to say that I was making a profound point, but it was an obvious observation — even back before the news of all the data leaks. Hopefully, lawmakers will recognize it as obvious now.
Originally posted at PrawfsBlawg
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.