If You Can’t Protect It, Don’t Collect It

I came across this 2015 article on protecting customer data by Christopher Burgess. It seems like the kind of piece which will become relevant every few months for the foreseeable future, and is particularly timely now after a breach exposed data of 143 million customers held by Equifax.

I’d really like some certainty regarding who’s to blame. I’d like to be able to say, definitively, that corporations aren’t doing what they need to in order to protect the data they collect. Or that they are doing exactly what they need to be doing, but safeguarding information is harder than a person thinks. But to be honest, it’s never entirely clear to me how much blame should be laid at the feet of the companies (e.g. they didn’t apply patches in a timely manner) and how much to chalk up to hackers gonna hack. One thing’s for sure: now that the name/address/SSN of pretty much every American who manages his or her credit is out in the wild, lenders have to do more to authenticate the identity of potential borrowers. The fact that the entire authentication process hinges on a single, unchangeable, nine-digit number (which can be guessed more easily than one might think) is asking for trouble.

