Marriott unit loses personal data of 206,000 customers

They sent us a letter to let us know about it and offered us a month or two of free credit monitoring. We were not amused.



Laura

social security-- bank account #s etc through their own carelessness

The big thing is proving damage.


Laura

This kind of thing is happening with greater frequency. It seems that those that are entrusted with our personal information are increasingly cavalier about safeguarding it. I would advocate for legislation that strengthens the rights of those whose information is lost, to prosecute regardless of whether they suffer direct economic loss from the loss of information. The act of "losing" data should be regarded as a breach of contract and a crime of negligence.

It is clear that personal information must be regarded as an economic commodity, something to buy, sell and barter. Any time a professional organization "loses" huge amounts of personal information, a thorough investigation by local and federal law enforcement agencies should be triggered. The organization should be fined, and restitution should be made.

We are transitioning into an information age and information is as viable an economic vehicle as oil, alcohol, weapons and food. Personal information should be regarded as such in courts of law. Legislation for protecting and safeguarding our personal information should be established and should extend far beyond copyrights.

a few years now and there is no easy clear legislation that would help.

Even more so, most of the states have better laws in place that would end up being weakened by Federal Mandates.

I have 1st hand experience, because I have worked in the background screening industry for about 5 years including dealing with compliance issues such as protecting vital information.

Lastly where do you draw the line of what is personal information for these companies.

For example Congress must decide this,

Your name and telephone number are unlisted but accidentally gets released in some public fashion - Congress will probably not issue penalties for this,

but then look what happen to Choicepoint last year - Congress would have to set penalties for this type of carelessness.

So you have an ever growing industry with no rules and regs - and inept Congress that does not know how to handle it which = you'll see this happening a lot more until the states crack down on the industry.

I see where there would difficulties in deciding when I could prosecute. But something has to be done don't you think? How did we get legislation protecting personal medical information? I think the lack of congressional will is most pertinent and accurate here.

The bigger issue is that we are collectively devaluing our privacy. I would argue that desensitizing ourselves to the loss of our private information is part of the reason there is a lack of public outcry to the recent NSA spying issue. But that is another issue and I digress.

The point is that organizations have collections of data, databases full of relational data. They don't just lose my phone number. They lose thousands of phone numbers. All at once. And they probably lose a lot of related data as well.

Having my phone number in a phone book or in an online directory is clearly a different situation. The intent is clearly different. The amount of related data available to be lost is much less.

So what is the difference between a corporate employee losing a local phone book and losing tapes with Gigabytes of customer information? This to me, does not seem an impossible thing to distinguish. Ask yourself why they would want to warn me about losing tapes with my data and not warn me about losing the phone book.

What is the difference between someone that works for the phone company losing a phone book and the tapes with the database files on it? Fundamentally, it is a breach of trust and negligence. There does not seem to be much wiggle room there. But I don't think that it would be an impossible task to delineate liability issues when it comes to safeguarding personal information.

hundreds of others on this subject that Congress must write legislation for and until our "inept Congress" can do this then we will still see these types of headlines.

You can prosecute whoever you want for whatever reason(s) you feel that need to be done, but that does not mean that you will win those suits nor does it mean that law makers will have some sort of protection built into the law for you. (even though there would already be laws on this in a perfect world)

Granted the phone book example is not the best example but it does show that Congress will have to decide what is allowable and what isn't and with more and more industries and technology using electronic storage the more Congress will have to set guidelines.

In other words even when you "Fix" the problem there will be "New" scenarios to deal with.


Give Mommy a Kiss....

Lets say I disclose all kinds of information to a mortgage company when I apply for a mortgage, I would like some kind of assurance that they will protect my privacy. I trusted them with my information and I am paying them to process my mortgage.

I want them to be legally bound to safeguard my information. And I want some recourse when they "lose" my information. Thats all. Just for fun, lets start by creating privacy legislation for the mortgage industry. Would that be so impossible?

I ask rhetorically - I know that congress needs the will to act. Why should they protect the interests of the little guy when its the big guys who are paying them off.

in place to protect consumers, but in most states and industries there is little oversight.

I think I mentioned in an above post that the states will and have the more strict rules when it comes to this type of legislation as opposed to the Fed's and if the states don't yet, they will be able to make tougher laws on this for whatever industry or situation developers.

For example California's FCRA is much stricter than the Fed's FCRA and that is just a broad law to cover many situations but in all reality it barely scratches the surface of this problem for California and the US.

Another example: look at GA's laws for reporting criminal histories on people handling mortgage accounts this law supersedes the Fed's FCRA. So here you have once again a state that has more strict rules for that industry than what the Fed's FCRA offers as law.


Give Mommy a Kiss....


BTW - welcome to DU :toast:


This is a HUGH HUGH HUGH problem that will take many people working at all levels of the industries and government to protect the consumer's

I nominate it for Post of The Day :)

in call centers in India, China, South Africa...etc

Then add into the mix that medical records are being processed over there as well....they think the labor being cheap is a good thing until those individuals get tired of getting screwed and they decide to abscond with loads of personal data and credit card numbers ...and wreak havoc.

There is no excuse for this negligence. No more...

why bother? its probably those same 'federal authorities' that are resposible. this has happened quite a few times before too and imho, it is rather possible that this is just one more example of data mining by the evildoers in charge of the us.