Do you do online surveys?

[vt_maverick]

Unfortunately it's the people between the individual and their security professionals that most often cause the problems, and in the case of military organizations (in my experience) there is little to no consequence for leaks. For example, when my wife separated from the Air Force, she was supposed to receive her mobility folder, which contained essentially everything that uniquely identified and documented her time in the service. That included dog tags, DNA registration, comprehensive medical history, and complete financial record. When she went to pick it up she was informed by a young airman that approximately a third of her squadron's mobility folders had been lost, and that they assumed they were accidentally shredded. Subsequent inquiries up the chain yielded no result, and is often the case in the military, an E-3's complaint just doesn't receive as much attention as that of an O-6. She was basically told not to worry about it.

A year later the office contacted her to ask why she had never picked up her records. Apparently after a year of being missing, they had magically reappeared. And the best part was that the current staff denied that they had ever been lost. So it makes you wonder, what happened during that period of time? Think those legal protections will ever stop that kind of thing from happening? IMHO, not while 19 year-olds are the ones doing it (I know I know, there are tons of responsible 19 year-olds in the service who do a great job for their country, but there are a significant number of screwballs too.) and while you have line management who refuses to ensure there are consequences for mistakes.

So while I agree with you that in principle the government affords us more protection under the law, in reality I think the risk ends up being about the same.

[Stephen Biko]

So while I agree with you that in principle the government affords us more protection under the law, in reality I think the risk ends up being about the same.

Again - its the difference between systemic and one-offs. The law prevents them from designing a system that abuses that information - no way would they be able to implement a program of selling that information to anyone and if an attorney wanted access to the information it would require judicial oversight in the form of a subpoena.

[vt_maverick]

Again - its the difference between systemic and one-offs. The law prevents them from designing a system that abuses that information - no way would they be able to implement a program of selling that information to anyone and if an attorney wanted access to the information it would require judicial oversight in the form of a subpoena.

I think we're talking past each other here. All I'm saying is that the probability and impact of identity theft is not necessarily determined by whether the threat can be classified as "systemic" or "one-off." What's the difference between a guy in China hacking into a military personnel database vs. a VA employee accidentally bringing thousands of SSNs and medical records home with him on his laptop? They can both result in the same level of damage, and we're at risk for both all the time. And the reality is that it's much more likely that you'd lose your privacy via a "one-off" mistake made by an insider with ready access to your data.

[ZubrAZ]

I think we're talking past each other here. All I'm saying is that the probability and impact of identity theft is not necessarily determined by whether the threat can be classified as "systemic" or "one-off." What's the difference between a guy in China hacking into a military personnel database vs. a VA employee accidentally bringing thousands of SSNs and medical records home with him on his laptop? They can both result in the same level of damage, and we're at risk for both all the time. And the reality is that it's much more likely that you'd lose your privacy via a "one-off" mistake made by an insider with ready access to your data.

Seriously? You dont see the differrence? Yes, we're at risk at both, But the risk levels are way different in your exmaple.

Yes, most of the personal info gets out of control on a corporate level, and it's not a consumer's fault, but there are still chances that you may get hit because of your personal negligence to minimize your personal protection level and allowing easy access to your personal info.

Here is an easy example: your cedit card info may get stolen from the corporate database. Thief will copy the card and try to use it at the gas station that requires zip code to activate. If your name isnt John Johnson and you are in White Pages - voila! Here is the zip code! But this scenario could be avoided if you ubsubscribed (or whatever you need to do to be removed from their database).

So, once again, the advice here is to minimize the risk on a user-level.