Opinion: Lose My Data, Pay Me $1,000By Larry Dignan | Posted 2006-06-07 Email Print
Learn How a Virtual Networking Approach Can Strengthen the Security of Federal Networks REGISTER >
Opinion: If companies had to pay $1,000 for each customer inconvenienced by lost personal data, they would shape up on their security in a hurry.
Veterans groups may have accidentally found the remedy for companies' lax protection of customer information. The cure: $1,000 for each person affected by a data breach.
The veterans groups behind a massive class-action lawsuit against the U.S. Department of Veterans Affairs, which opened the door for the personal information of 26.5 million veterans to be stolen from an employee's home, are seeking damages of $1,000 for each person affected.
And while the suit doesn't affect the corporate world, it's not a bad idea.
The lawsuit charges that the VA "flagrantly disregarded the privacy rights of essentially every man or woman to have worn a United States military uniform."
To make amends, the plaintiffs want $1,000 in damages for each person listed in the database that was stolen. Add it up and that's damages of $26.5 billion. Ouch.
Now, I'm not the lawsuit-lovin' type, but this case could provide a eureka moment. Disclosing breaches as required by California law only results in public scorn that's forgotten faster than the fifth-place finisher in "American Idol."
Meanwhile, regulators come up with wimpy fines. In January, the Federal Trade Commission levied $15 million in fines against ChoicePoint, an aggregator of consumer data whose lax procedures for disclosing personal information of 163,000 individuals to fraudsters.
The FTC had charged ChoicePoint with violating the Fair Credit Reporting Act, among other issues.
Read the full story on eWEEK.com: Opinion: Lose My Data, Pay Me $1,000