|
Negligence Ripple Effect
When a company becomes careless about information protection, its negligence ripple effect goes beyond the boundaries of the organization. Companies often do not realize the negative effect of their actions or inactions leading to poor protection of their customer and employee private information. Often, by the time they realize the ripple effect of their negligent behavior, it’s too late and they are probably facing identity theft lawsuits. There are many situations that a company can be considered negligent such as not having an adequate and qualified information security team, missing the tone at the top supporting information protection efforts, and bluntly ignoring best practices such as when various files containing private information including payroll files are printed and left unattended at corporate public printers. These types of careless actions expose consumer and employee private information to identity theft and fraud risks. When these unprotected files containing personal information are stolen and used to commit fraud, negligence ripple effect is observed in many corners of the society. Often, when private information is disclosed to unauthorized people within a company, which by the way happens often, the owners of the private information whether customers, employees or other third parties are unaware of such violations until fraud occurs and is detected, or their private information is posted to the Internet for fun or for money. There are many reasons why a company internal or external person might decide to abuse the discovered information, but often it is tied to financial gain, revenge, or ego. We are at the each other’s mercy when it comes to protecting our personal information. Our private information is safe to the extent that companies which we do business with keep them private, however, as we all know, we just need a disgruntled or untrained employee to steal and expose our private information which is so heavily used to identify us and validate our identities for approving transactions. As I mentioned, the careless actions of some companies may cause our personal information to be abused beyond the boundaries of the negligent company. To address the security negligence ripple effect, the Federal Red Flags Rule was recently introduced and is being enforced to force companies detect and prevent identity theft cases as they are being committed regardless of where the information was stolen from, however, privacy is totally not covered by the Red Flag law and we depend on other laws to ensure the privacy of our information including HIPAA and GLBA. |
