Kroll Fraud Solutions Blog – A Dialogue on Data Security

In the past couple of days, there’s been a story out in the media about a handful of shopping malls testing a technology that reads unique serial numbers from mall visitors’ cell phones and tracks their movements. Want to know how many visitors shop in Store A and then go to Store B? Or how many people who have lunch in the food court aren’t shopping anywhere else in the mall? The system can tell you that, too.

Over the years, most class actions around data breaches have been unsuccessful due to the lack of concrete economic damages. Courts have held that damages such as the cost of credit monitoring, identity theft insurance, replacement credit and debit cards, and time and effort spent remediating identity theft issues are not compensable damages. This results in most class actions being dismissed without a trial. However, a recent First Circuit decision provides ammunition to plaintiffs seeking class action relief where at least some of the plaintiffs have experienced unauthorized charges. 

There has been much discussion in the media recently about spear phishing. Far from being a consumer issue only, spear phishing has emerged recently as sort of an attack du jour, as this method has been recently linked to several data breaches.

According to the recently released IBM 2010 Trends and Risks report, “The single most common threat vector used over the past few years … is spear phishing where an object contains a link to a web page that contains malware. The delivery of this type of message to victims can occur through email, instant messaging, and social network sites.” This pertains to targeted attacks, where the hacker has targeted specific content or a specific company, not necessarily where a hacker is casting a wide net to pull in anything of value.

At last week’s IAPP Global Summit, we were excited to be among the attendees who are passionate about their professions and eager to learn what is new. Here are a few topics that made an appearance at this year’s event.

Putting Policy into Practice

Legislative compliance and privacy standards proved to be a top-of-mind concern for many attendees.

Heather Beeler, Product Manager of Kroll’s Fraud Solutions, observed “a general sense of urgency around putting privacy standards and regulations into practice across the board,” from government interests across the globe to the public and private business sector.

This Friday, January 28, is Data Privacy Day – marking an international celebration, with people and businesses all over the world participating in events and initiatives. Data Privacy Day raises consumer awareness about the growing difficulties of protecting sensitive information and keeping it private. We called this day to readers’ attention last year, and later noticed an entry at the Data Privacy Day blog calling attention to an insightful article written by Jay Cline, President of Minnesota Privacy Consultants, that’s titled “The Top 5 Mistakes of Privacy Awareness Programs.” The blog issued a challenge to establish a training program if your company doesn’t already have one, and to maintain it permanently.