April, 2005

Sam Goldwyn maybe had his syntax a little mixed up in that famous statement but there wasn’t much doubt that what he intended was to be left out of whatever deal was cooking at the time. I feel the same about the horrors revealed one day after the next in the data management business. What we have is a massive failure to manage data.

When Congress mulls this one over and it comes to deciding who pays, include me out.

My bank requires information before they’ll lend me money. So does anyone extending me credit and thus the choice to comply was not mine unless I was satisfied to live in a cave and sit out the consumer economy. Various laws, tons of laws, piles and heaps and mountains of laws require that information thus given be protected. My doctor, my school, my government, they’re all parties to this obligation.

My obligation under this contract is to use the money for the stated purpose and, short of the bankruptcy laws, pay it back. The lender on the other side of this equation agreed to be careful and serious and responsible with what I told them because their small slice of need for my relevant statistics was genuine. This used to happen face-to-face with a loan officer.

Then, because lenders became a little bit lazy, were always a little bit greedy, a little bit busy with other things and because they could, they allowed someone without a face to provide the face to face data and new businesses were born. Giant businesses like Trans-Union, LexisNexis and Choice Point created databases and sold information to the people who were in one way or another, lenders.

No need for that messy and expensive one-on-one contact any more. No need to know your client if someone else knew them and were paid a couple bucks for the information. Less personal as well which was nice because it made it easier, cheaper and less in-your-face to say yes or no electronically and almost instantly. Along with easy and cheap came promises of security and so much energy was spent on securing the transaction that no one thought to question the security of the gate-keepers, the guys with their finger on your personal statistics.

Because the sale was secure. The sale was guaranteed to be secure. That was the whole marvelous premise, that the sale was protected and if you got scammed, your credit card and/or your bank stood behind that guarantee.

But now what? Now that LexisNexis and GM Credit and Choice Point and who knows what hospital, department store or gas station are the entry points for hackers, all of your (and my) personal information is at risk. And with all of your information out there or not (and you don’t know), a virtual you could be walking the earth with your wallet in their hand.

So far we only know a few of the breaches that have come to light . . . no one knows how many are as yet unobserved and undetected. If Polo-Ralph Lauren is hacked (gasp) can Tommy Hilfiger be far behind?

The virtual you can get a mortgage on a home you’ve never seen, buy a flashy Mercedes in your name, vacation on the Riviera, which you could never afford and when the fun and games is over, clean out what’s left of your bank account.

All because your personal information files were breached and no one knows for sure and will never know for sure by whom. Thus there’s no one to catch except in the most general way, certainly no one to point to specifically across a courtroom when your personal finances fall out from under you.

John Dillinger used a gun. Today’s stick-up man is across the world in a room by himself, staying busy being you.

Before this story is over an awful lot of people and institutions will have lost an awful lot of money and regulatory laws will be sponsored faster than good sense and technological know-how dictates. Fingers will be pointed this way and that, but when legislators try to assess individual blame and individual liability . . .

. . . include me out. I'm merely the injured party.

Get out of the Archives and read what Jim's writing today