Target is targeting our privacy. There’s a big red bullseye, a target – like the one on the shirt I’m wearing today – that Target and Neiman Marcus, who chose not to show up to answer questions today, have put on us because they haven’t done enough to protect our private financial data. And the reason is that there’s no financial incentive to do so.
110 million Americans had their personal financial information breached. That ‘s one out of two adult Americans. I was in Sacramento today to testify in front of a joint California Assembly committee hearing investigating the breach. And yet Target did not send a single representative to Sacramento today to answer questions about the largest data breach in American history?
The fact that Target didn’t show up today tells us all we need to know about how sorry Target is and how committed it is to our privacy.
If you are as offended by this as I am, I have a t-shirt for you to wear too.
The reason Target won’t face legislative questions today is the same reason that our personal financial information and data is at such grave risk: there is no price to pay. There are few financial penalties to companies like Target when our personal data is taken.
Beyond public embarrassment, Target has little financial incentive to care.
We, the consumers, pay the consequences but we have no remedies.
According to the Committees’ own staff research, 1 in 4 consumers whose personal information that is taken becomes a victim of identity theft. 1 in 4 victims of a data breach is also a victim of identity theft. If these numbers apply to Target, that would potentially create more than 25 million identity theft victims.
There’s a harm. The retailers had a role in creating that harm. And yet they have no liability under California law for what they have or have not done to safeguard the sanctity of our personal information.
The problem with privacy violations is that unlike thefts of money or property the law does not recognize a harm and does not provide a remedy.
As the Committees’ staff research states: consumers have no remedy under the law for the loss of financial privacy suffered through these data breaches, and the 1 in 4 risk of id theft they face. Zero remedies.
So why would retailers invest in greater security, or meet voluntary industry standards, or move away from risky magnetic strip technology?
If they don’t have to pay a price they don’t have an incentive to change. And that leaves our private financial information with a big bullseye on it.
What can we do?
We need a California financial information act that mirrors our Medical Information Privacy Act.
When there is a data breach of our medical information, the drug company, hospital or medical center is liable to the consumer for $1,000 per violation.
Guess what? Medical data breaches are fewer and farther between. When they occur companies pay a big price.
The same should be true for our financial data. We need a California Financial Information Privacy Act
It would:
- Change notification standards to be immediate.
- Write minimum-security standards into the law so that they are no longer voluntary.
- Set limits on the time data can be retained. And limits on what information can be collected and retained
- Most importantly: create a private right of action. Put a price tag on retailers’ mistreatment of our private financial information.
Until there is a price to pay, Target and other retailers will continue to make us targets.
If you are as offended as I am by Target’s absence today in Sacramento, please share our Target design online to show your displeasure.
When a company as big as Target won’t provide a single representative to answer questions about the largest data breach in American history, it is time for California to step up and deliver on the promise in Article 1 Section 1 of our state constitution: Privacy is an inalienable right.
Posted by Jamie Court, President of Consumer Watchdog.
These companies can only survive by cheating their customers in some way. They’re cheap to buy goods at, but they’re utterly disdainful of the rights of their customers. The ONLY way these people will learn is with a dramatic decrease in sales.
Companies like Costco and Winco are thriving, while Target, and Walmart are declining. The former pay their employees a fair wage with benefits; the latter throw their underpaid employees under the bus with paltry wages, quick-firing practices, and limited hours, so they’re forced to rely on Federal and State assistance programs to survive.
This is not the America I’ve lived in for the first decades of my life, but, since Reagan, we have slowly trod toward becoming a nation (and State) of unemployed and underemployed for whom the American Dream is but a cruel joke.
The only difference between this and how your credit card information is usually used is that Target didn’t get paid for this.
If you want privacy, stop using a credit card.
Your ID is already public in any number of ways: Credit and Debit Cards, your SSN, your Drivers License, your internet account, eMail address, etc. I suspect, for example, that if I observe your automobile’s license plate, I can get other information about you, if I was willing to do what it takes.
We HAVE to get control of this. Many years ago, Scott McNealy said it best: “Privacy is dead; get over it.” What I don’t agree to is the notion that Privacy is dead. It is dead if we, the Citizens of the United States, allow our elected (and appointed) officials to ride roughshod of common citizens as if the Constitution’s Bill of Rights is merely an historical curiosity of no judicial value whatsoever. That, effectively, is where we are as citizens in our United States Government, today.
Technology (and greed) enabled it; technology can, in fact, fix it, if we Americans (indeed, citizens of the world)choose that path.