Since I heard on the news about the break in at the Credit Bureau Equifax data base last March, I had followed it with great interest and concern. Although the problem of computer security is a huge problem, securing information of people’ personal information is a mush larger concern.
Last March, the Equifax database was hacked and an estimated 1400 names and personal information, everything that would be contained in your credit file was downloaded. Your address, bank accounts, credit cards, money lenders, mortgage, and the list goes on. Since my following of the Equifax story, I have found several other stories of similar nature, data, information of people and businesses, stolen right from their computers. However, according to news feeds, none of the information that was stolen from the Equifax database was use, according to several news articles reported by the Vancouver Sun, Glob and Mail and CBC Radio. But some interesting details was just reported in the business section of the May 3rd Vancouver Sun edition.
The article titled, Business of Protection, in which spells out an very interesting aspect of this situation, adds an old twist and sheds some light on the legal points of what could happen to a business who keeps such databases on people, especially when that data is stolen. There could be “…a huge potential in liability for any company that keeps information on individuals,” and added to that “companies can take steps to minimizes the risk of identity theft but also the legal ramification.” (McCullough: May3, 2004)
The problem as noted in McCullough’s article is that technology is moving so fast, and the law is so slow that problems are occurring between the two mediums. Our data storage devices are still in their early stages while laws that easily govern actual stolen property such as the computer take little account for the data inside it. Not only could removal be a problem, but copying it or changing it would be even harder to account for. “The federal and B.C. [sic] Privacy Acts that took affect Jan.1 notwithstanding, the law always lags behind the technology.” (McCullough: May3, 2004)
So, we have these laws and many are pissed that companies such as Equifax carry our information and that information can be taken, given and/or stolen without us even knowing about it, –after the fact. So lets examine the 2 pieces of legislation that are mentioned his in the article shell we?
The Personal Information Protection Act Bill 38, 2003, British Columbia is the first line of defense and the federal Personal Information Protection and Electronic Documents Act is the second. Companies are legally responsible for that data and could face class action suites. These would likely be the first line of attack by the victims, the article states.
McCullough, Michael May 3rd 2004. Business of Protection, Stealing computer data can be worse then stealing a computer. Vancouver Sun, British Columbia.