Over the last few weeks, we have all been concerned with the reported loss of data from ChoicePoint and the Bank of America. Properly maintaining, holding and safeguarding private data is important to each of us as individuals, to the reputations and businesses of those holding data, and to the continued trust in electronic-based services. From a policy perspective, we need to continue to drive these cases to fact.
As I understand it, ChoicePoint was defrauded into selling or giving data to bad actors. The Bank of America is reported to have lost some of its tapes. These were not hacks, breach of computer systems, the result of spyware, or other ‘cyber security’ events. Notwithstanding this, in many of the policy discussions surrounding the events, it seems that people are treating them as breaches of ‘cyber security.’ From what I can glean from the factual reporting, this is not the case.
They are important cases, however, and we need to know more. Were these crimes? The principles animating what defines criminal activity are centuries old. I suspect the principles and words of existing law can be applied to these facts. But we do need to examine these facts, and think about these issues, both from a privacy and criminal law perspective. These issues will continue to play out over the next few months, and we all should inform the process as policy makers understand what happened, what it means, and react.
Have a great Friday…..