Data Theft and Corporate Irresponsibility?

cjsnell asks: "Today, I received a letter from a student loan provider notifying me that my name and social security number had been stolen along with a contractor's computer. This makes -four- agencies that have lost my personal information, in the last year. Today's letter was the most disappointing yet: the company, Texas Guaranteed, did not offer any credit report monitoring like the previous three had. Their advice? Send a letter to the credit bureaus. Gee, thanks. Clearly, mass identity theft is completely out of hand and there doesn't seem to be any government regulation for handling these situations, nor does there seem to be any punitive action against businesses that lose customers' data. Do we, as consumers, have any recourse against these businesses?"

the less information collected the better

[carsonc]

For most things, organizations don't need much if any of your information. The want it to mine... there is no down side for them. For the companies that do need data, I believe that every field in a credit report should have a complete audit history and companies should have to pay up and fix their mistakes. If legislation also made them accountable for data theft then you would see a lot less information collected. That would be a good thing.

Liability, liability, liability

[electroniceric]

There are two simple prescriptions for this:

1) Create and enforce real liability for loss of personal data. After that it may make sense to introduce "safe harbor" general privacy regulation (unlike domain-specific regulation like HIPAA) where if you comply with the regs, you get relief from liability in the event of a genuine mistake or contingency.

2) Create and enforce real responsibility of credit providers and credit bureaus. Allow consumers to immediately suspend any line of credit, and require true checks before issuing credit (no more instant credit). No more endless paper battles to get credit ratings fixed, charges rescinded, etc. [These previous two were cribbed from Kevin Drum at WashingtonMonthly.com. He expouns on this subject quite regularly]. Liability for failing to properly check that credit is properly issued or used, which is supposed to be the reason why vendors and buyers pay exorbitant credit card rates in the first place.

Get the liability in order and regulation will the preferable alternative.

Yep...

[msauve]

unless they're making payments to my Social Security "account," (i.e. paying me on a W2) they don't get my SSN. Unless they're [i]required[/i] by law to report tax info, they don't get my Federal Taxpayer ID (which happens to be the same as an SSN). I even went after my employer for violation of their own "Employee Privacy Policy," for giving my SSN to a third party health care provider and forced issuance of an insurance card with a non-SSN assigned number.

You [b]can[/b] do it, but it can also be a hassle, since you have to educate people (especially health care people, who seem to be clueless as a whole).