LA Times, September 29, 2017
When we as consumers and customers hear yet again that our personally identifiable information (PII) has been stolen by hackers, it’s frustrating and concerning. It would be so even if the company that held our data had done everything possible to protect that information and was still compromised. But when we find out companies haven’t done nearly enough, and maybe not much at all, to protect our information, it takes frustration to a whole new level.
All the prominent companies boast about their robust commitment to security, promising the moon in safeguarding our privacy. Here’s what Equifax promised: “Safeguarding the privacy and security of information, both online and offline, is a top priority for Equifax.” They, like so many others, boasted a strong commitment to information privacy. But the reality is that proper security mechanisms were never put in place – by intention, not accident.
One of the mechanisms companies could implement but often don’t is encryption. Encrypting data would render it useless to a thief even if stolen. But companies view such a step as intrusive to business and expensive, so they opt instead to take the risk and face a penalty should they be compromised. That’s all the more aggravating for the millions of us who are forced to trust them.
Willy Leichter, vice president of marketing for Virsec Systems, a San Jose cybersecurity firm, comments, “The internet wasn’t built for security. It was built for openness.”
But that doesn’t mean companies are off the hook. The LA Times writer has some persuasive ideas for making companies step up to the security plate and make good on their promises.