Saturday, MasterCard blamed a vendor of ALL credit card providers called CardSystems Solutions, Inc., a third-party processor of payment card data, as the source of loss of 40 million consumers' credit card information.

As is pointed out by several newspaper and web articles over the last few weeks, each recapping long lists of financial information data breaches, something's gotta give before we entirely lose trust in financial institutions, data brokers and credit bureaus. How much privacy loss can we take without acting?

These types of data loss were very likely common and have very probably been going on for a very long time. The difference is that now, THEY ARE REQUIRED BY LAW TO DISCLOSE THOSE LOSSES - not just in California, but in many states. National disclosure laws on data security breaches are being considered in Congress.

I suggest that these breaches of data security all came to light due to the California law requiring disclosure from companies suffering hacking loss or leaks or social engineering or crooked employees or organized crime rings posing as "legitimate" customers. All of the above have been given as reasons for security lapses or poor security policies.

About three years ago, a friend told me his paycheck deposit to Bank of America went missing from account records after he took his check to the bank on Friday. By Monday, Bank of America was in the news claiming a computer glitch had disappeared the entire day's deposits. I mumbled to myself, "I'll bet that was a hack and that hacker just made a huge offshore banking deposit with B of A depositors' money."

But we didn't find out why it happened in that particular case because there was no disclosure law in place at the time. Now we have disclosure laws that mandate notice of security breaches. Now suddenly - huge financial services hacks and devious criminal social engineering outfits posing as legitimate customers and apparently "innocent" losses by transport companies of backup tapes begin to come to light.

This spate of data loss incidents is proof of the need for corporate "sunshine laws" that make public notice mandatory of those data losses that threaten customer information.

Who is going to lose here - the public, the corporations, the criminals, or the government? I'd prefer that the bad guys get the shaft and take down crooked company insiders that either facilitate data loss by underfunding security and encryption or participate in data theft or loss in any form - even if that participation is security negligence.

Financial companies and data brokers have been covering up the losses and keeping quiet about hacks so as not to worry or frighten their customers. But that practice is essentially ended now that they must notify the public and disclose those losses instead of hushing them up.

Keeping the breaches hidden from public view is bad practice as it maintains the status quo. Disclosure will facilitate internal corporate lockdowns on the data and all access to it. Disclosure will educate the public to the lack of security and danger to the sensitive information we all provide rather casually and routinely to businesses.

As the following link to a silicon.com story suggests, we cannot take much more of this lack of regard to privacy and must lock down financially sensitive data securely and must begin to hold data brokers, bureaus and handlers VERY accountable.

Insist to your elected representatives that your financial data be locked down, encrypted and guarded by those entrusted with storing, transporting and using it. Since our financial, medical and legal lives are increasingly being housed in digital form and transmitted between data centers of multiple handlers - we need to know it is secure. We also need to know when that security has been breached and our data compromised or lost.

Thieves are becoming more aware of the ease with which they can find and access financial data. Hacking is not the source of the greatest losses.

Organized crime has easily found its way into our financial records by simply paying for it by posing as "legitimate" business customers of information brokers such as ChoicePoint and Lexis/Nexis. Any business can buy financial and credit information from those information bureaus and credit reporting agencies by meeting rather lax requirements for "need to know" that data.

As long as it is possible to purchase our sensitive data from brokers and bureaus, organized crime will "legitimately" buy it from those sources, then ruin our credit by selling that information at a higher price in identity theft schemes.

Since disclosure laws have come into effect, those breaches have been made public, credit cards cancelled before losses can occur and credit reports monitored to watch for suspicious activity. The bad guys' activities are squelched because we are made aware of the possibility our information has been compromised.

Not all blame can go to financial institutions and data brokers. Protect your own private data by protecting your computer records at home, in the office, on your laptop and in your PDA by using basic keyword security and locking down files. Use built-in encryption on your operating system and your home network to keep data secure. Then be certain to clear that sensitive data off the computer when you sell it or throw it away.

Data security is something we all need to take seriously and the corporate breaches are dramatic illustrations of how important it has become to build digital fortresses around our critical financial, legal and medical information.

Mike Banks Valentine is a privacy advocate and blogs about privacy issues at PrivacyNotes.com