Over 100 Million Identity Theft Victims since 2005

The most recent theft of personal data occurred this week when thieves stole a laptop computer containing unencrypted personal and confidential data concerning about 382,000 current and former employees of the Boeing Corporation. According to an online article in Infoworld, the United States hosts a huge number of prospective victims of identity theft,

That disclosure pushed the total number of data breach victims on the Privacy Rights Clearinghouse Web site to 100,152,801, said Beth Givens, director of the consumer advocacy group.

The Privacy Rights Clearinghouse provides a great chronology and details data breaches which have occurred since February 15, 2005. The list contains a who’s who of companies, government agencies, and educational institutions which arguably have not yet prioritized data security in the quest to maintain an active internet presence. In my opinion, with the existence of at least one hundred million possible identity theft crime victims just over the last couple years, corporations and government have not done much to protect personal information. I think high profile litigation could certainly help force corporations and government agencies to re-prioritize data security while focusing appropriate resources toward finding effective data protection solutions including encryption technology, password proteciton and biometrics. Otherwise, so long as the general costs of enhanced security are greater than the overall costs of keeping the same computer and data protection systems in place, business and local government have no realistic incentive to innovate and will likely continue a stay-the-course mentality. What do you think will force corporations and government to change the current approaches to protecting personal and confidential data? Based on the Privacy Rights Clearinghouse disclosures, do you think business and government have done a good job protecting confidential and personal information? What changes, if any would you propose to ensure proper data protection? Do you believe litigation can assist in providing corporations and government with incentives to innovate? Do you think that juries can assist corporations and government to prioritize data security by showing that litigation awards make the costs of staying-the-course greater than the cost of data security innovation? I believe juries serve a useful purpose to remind corporations and government that data protection must not be taken lightly.