In The New York Times today, Ms. Nicole Perlroth, started her column with “LinkedIn is a data company that did not protect its data.” This is a very powerful statement coming on the heals of a cyber-attack that posted the usernames and passwords of over 6 million LinkedIn users on a Russian Internet forum. Has the collective conscience of Internet users become so numb to the daily occurrence of data breaches, that they simply dismiss the necessity for protecting their privacy? Does privacy have a value any more?
Ms. Perlroth’s beginning statement is not as profound as what followed later in her article: “[a] company that collects and profits from vast amounts of data had taken a bare-bones approach to protecting it. The breach highlights a disturbing truth about LinkedIn’s computer security: there isn’t much. Companies with customer data continue to gamble on their own computer security, even as the break-ins increase.” As a publicly traded company, who is subject to the recently released “guidelines” on computer security by the Securities and Exchange Commission, are the corporate officers and board members liable to the shareholders for a lack of due diligence in safeguarding their most critical asset? Do the shareholder’s even care about the data leakage?
The article rightfully points out that because the legal consequences are minimal at best, and that the harm caused as a result of the breach is negligible (they didn’t lose any customers), the ability for shareholders to make a claim against the board of directors or corporate officers is a tough standard to overcome (the stock price went up after the data breach announcement). So where does the necessity to secure mission-critical data begin and end? Have we become immune to our private information being stolen? Is having my information stolen, really my problem?
“Computer security is not regulated and even as loads of sensitive personal, corporate and financial data gets uploaded daily, companies continue to skimp on basic protections. If 5 percent of airplanes in the United States crashed tomorrow, there would be investigations, lawsuits, a cutback in air travel and airlines’ stock prices would most likely suffer.” – The New York Times, June 11, 2012