On Identity Theft and Breaking the Wrong Record
ep, some big players and some not so big are on this list - Countrywide, Bank of New York Mellon, Wells Fargo, to name a few of those among some of the big players that had customer records go missing or stolen.
But before you say "Thank goodness my institution isn't on that list," ask yourself - how would you know if a breach had happened to your data? Unless you're certain that no one has breached your proprietary information or your customer database chock full of NPPI (non-public personal information), then don't breathe that sigh of relief. Here's the ITRC 2008 Data Breach stats for banking/credit/financial companies. So, 52 companies in our industry had a total of 9,209,547 records taken, and that's just for the first 8 months of 2008.
Before you say "Thank goodness ...," ask yourself - how would you know if a breach had happened to your data?
When I spoke with Linda Foley, founder of the ITRC earlier this week on this dismaying news, she bluntly told me that it was high time people took identity theft and data breaches seriously. She says its time to draw a line in the sand and say "enough is enough." I say yes, it's time to treat your customers' information as if it were your own. What would happen to your institution (and your job) if its proprietary information was stolen?
Getting more personal, think what impact would it have on your life if your identity was stolen? Having heard several friends relate their tales of identity theft, I can assure you it's a nightmare, and it often takes years to regain your identity, even with help from organizations such as the Identity Theft Assistance Center. It's a painful journey.
Now, as for what our industry is doing about it in terms of protecting customer information and their identities, we're watching what the level of compliance will be with the ID Theft Red Flags rule that all financial institutions will be examined on come November 1.
When you're thinking that your ID Theft Red Flags examination is just another compliance exercise that will be over and done with after your next exam, just look at that list of data breaches above and think of what you would say to your angry customers (many of who will also be your employees) when they ask after their information and/or bank account is stolen from your institution "What were you doing to protect my personal information, and how could you let this happen?" Just ask Countrywide, Bank of New York Mellon or Wells Fargo. They'll tell you that handling angry customers whose information has been stolen isn't a day at the breach, umm, beach. (Don't forget you've got roughly 63 days (including weekends) to be ready for ID Theft Red Flags.)