Nowadays, it takes a lot more to get a reaction from most people -- another death in Iraq, another corporate scandal, another serial killer. Next. It seems we're numb to even the most horrific news. Blame it on the likes of Jerry Springer and the 24-hour news cycle.
By now, consumers tune out the fact that many companies are inept at securing data. It seems that there is a story every other day about data being lost or stolen -- a Fidelity financial advisor loses a laptop with the personal information of 196,000 Hewlett-Packard employees, or Citibank debit card transactions are blocked in Canada, Russia and the U.K. because personal identification numbers were compromised. Ho hum. It seems that losing data is standard operating procedure.
To be fair, the offending corporation isn't always a financial firm. But financial services has had more than its share of data missteps. For an industry that prides itself on its relationships with its customers, you'd think that financial firms would have already addressed the low-hanging fruit of data security -- don't store 200,000 unencrypted customer records on a laptop, and don't publish a customer's Social Security number on a mailing label (H&R Block). OK, the H&R Block example should elicit some reaction from even the most jaded, right? Ho hum.
And now the news is that the SEC and the IRS have been singled out by the Government Accounting Office for having inadequate security. The SEC and IRS? It would be comical if the matter weren't so serious. Ho hum.
What is it going to take to correct this? Data security is a tough challenge, and I don't envy anyone who has the responsibility of protecting financial data from phishers, hackers and even disgruntled employees. But the examples in this column weren't caused by spyware or keyloggers or hackers or phishers or disgruntled employees -- each data security lapse was caused by internal shortcomings in firms' data security policies and procedures.
Unfortunately, lawmakers in Washington and various states are moving in very different directions when it comes to passing financial data security legislation. This is only going to cause more regulatory headaches for corporations, as a security breach in California may not be a breach in New York, though it might be a breach when Congress eventually gets around to acting. Unless businesses get on top of the data security topic quickly, they may be faced with a broad federal regulation on top of 50 separate state-based regulations. Ho hum.
Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology.