Data Breach. Cause for Alarm or a Big Yawn?

By August 2008, there were more publicly disclosed data breaches among U.S. businesses than for all of 2007. More information is created, flowing and stored by commercial enterprise than ever; more clever schemes are being hatched by criminals for hacking or disrupting information; employees don’t appreciate the value of assets you can’t feel; and consumers are befuddled by a maze of privacy notices, data theft notices, credit report advertisements, and scare tactics launched by advocacy groups—well intentioned though they may be. More than 40 U.S. states have laws requiring disclosure of data breaches. If these were intended to create incentives to prevent data breaches and reduce occurrence, how do we explain the steady rise? Are the laws ineffective? Are businesses accountable beyond some adverse publicity, once they provide legally mandated disclosure? Have we become jaded by news reports, privacy and breach notices as just so much junk mail? In the credit card world, consumers generally have a maximum $50 liability if a card is lost or stolen. In situations where there are no real time approvals, credit card companies take the risk. In that environment, a business decision is made to accept certain loses because the potential revenue generated by the business model yields a greater reward. In the world of consumer privacy and personally identifiable information disclosure, who is taking what risk? Studies for years indicate IT professionals appreciate that digital crime—theft of intellectual property, piracy, theft of trade secrets, customer data or employee information—is a problem. Many companies may not even know their security is breached and others have little incentive to solve the problem. Need more information? Come to my web page, contact me and tell me what you think. Call if you need help with a policy, a position or an understanding of your legal rights and obligations. We can help.

Gas Price Giving You Gas?

Reaching for that bottled water? At an average of $1.49 per bottle, that comes to $21/gallon. You could supercharge your tank with Starbucks coffee at $12+ per gallon. Better yet, Bud Light at $9.73 per gallon looks like a bargain—although good ol’ Vitamin D milk checks in at only $3.50/gallon. Now when compared with Absolut Vodka at about $58 per gallon or Chanel No. 5 perfume at $25,600 per gallon—well gasoline doesn’t sound all that expensive, does it?

Useless But compelling Facts – September 2008

In times of turmoil, everyone seeks to blame someone else. Especially with our financial institutions in jeopardy, everyone seems to be passing the buck. One might think the expression derives from the almighty dollar, or from a hunting expedition that forgoes any stag with insufficient points, or that someone saved from the brink, instead of “kicking the bucket” might pass the buck. Sorry, all of these are wrong. So where did the expression “passing the buck” or “the buck stops here” come from? Think you know, send your answer to me.

Useless But Compelling Facts – August 2008 Answer

Last month we asked you to tell us how Hicks was awarded Olympic Gold in the 1904 games, even though he didn’t actually cross the finish line first. This month’s prize winner comes to us from The Hague, Netherlands. where Cor van den Beukel at Shell Information Technology correctly noted that Frederick Lorz appeared at the finish first—unfortunately, it was discovered he enjoyed a leisurely ride in a car from mile 9 to 18, and with Lorz disqualified, the medal went to Hicks. Congratulations, Cor!!

Wish I’d Said That (NOT!)

“The worst of the impact on the financial-services industry is behind us.” Richard Fuld, CEO of Lehman Brothers, April 15, 2008, after the Annual Meeting.

Clarence Darrow

“True patriotism hates injustice in its own land more than anywhere else.”

Investigating Online & Interactive Advertising

The U.S. Congress appears determined to investigate online advertising. Early this month, the House Energy and Commerce Committee issued a letter to more than 30 companies, and what began as an inquiry into how Internet service providers use network data to target advertising, has morphed into a fishing expedition into all kinds of interactive advertising. Most notably, and despite urging by the FTC to allow self-regulation to take hold, the Committee does not differentiate between personally identifiable information and non-identifying, anonymous data used for traffic metrics, ad insertion and other common advertising purposes. Lumping different kinds of information together could needlessly undermine marketing as it has been practiced for decades. The “tailoring” of advertising, in the Committee’s words, based on consumers’ behavior and media consumption patterns, has been at the heart of marketing for as long as marketing has been around.

More disturbing are presumptions that “privacy” rights are being violated by any and all forms of behavioral or targeted marketing. Advocacy groups opposed to commercial communication seek to promote an implicit, yet fundamental redefinition of personal privacy—i.e., anything that derives from peoples’ activities, no matter how distanced or anonymous. Taken to logical conclusion, any academic, commercial or journalistic observation of consumer activity could fall under regulatory restrictions under such a framework. Not surprisingly, the FTC—with its long history of regulation of advertising practices—has argued before Congress that self-regulation is likely to be an effective means of protecting consumers’ real privacy interests. According to testimony by FTC Consumer Protection Bureau Director Lydia Parnes before the Senate Committee on Commerce, Science, and Transportation this July, the FTC is “cautiously optimistic that the privacy concerns raised by behavioral advertising can be addressed by industry self-regulation.” Nevertheless, in the letter released this month and in three previous inquiries over the past few months, both the House and the Senate seem to be searching for a rationale to regulate. Stay tuned.

Ad Blocking is in Vogue – Privacy is to Blame (Again)

Ad-blocking programs are getting attention these days, spawned by the proliferation of plug-ins, configurational ad-ons, and announced features in upcoming browser releases. These enable the blocking of ads (or content that “looks” like advertising) by browsers, automating the removal or blocking of some or all content from being viewed on web pages. There has always been a balance (and some would add “tension”) between a consumer’s right to privacy and the marketer’s desire to know more and reach the right customer. The direct intersection of these issues resulting from the rise of consumer and commercial use of the Internet and its complexity, have spawned a degree of heat over these issues, never before seen in history.

From the earliest days of ad-supported radio and television broadcasting there has been a balance between the delivery of cost-effective programming and content and the right of the viewer (today, the end-user) to determine what, when and in what form ads are displayed. Advertising plays a major role in subsidizing delivery of programming. Indeed, while technology may give the individual the ability to skip advertising, there are no legal prohibitions on newspapers, television or radio serving ads along with content. There is also little question that without advertising, the price of content would rise significantly or its availability would diminish, or both.

Continue reading “Ad Blocking is in Vogue – Privacy is to Blame (Again)”

Useless But Compelling Facts – August 2008

As the Olympics came to a close, I was reminded of Thomas Hicks in the 1904 Olympic marathon in Missouri who, when starting to fail around the 19th mile, had his coach hand him a prepared cocktail—cognac, egg whites and 1/60th grain sulfate of strychnine—yes, the rat poison! A second dose with only a few miles to go apparently kept him going (another would likely have killed him), but alas, he crossed the finish line second. But the person who came in first was disqualified and Hicks was ultimately awarded the Gold Medal—notwithstanding his almost comatose state. Who was the disqualified athlete and for what? Send your answer to me.

Useless But Compelling Facts – July 2008 Answer

Last month we asked you about two individuals who had the courage to print the Declaration of Independence—a hanging offense at the time. The fastest right answer—coming in two emails before anyone else fired off a single one—comes from John Falco, a long-standing Legal Bytes reader. He correctly told us that after Congress adopted the Declaration of Independence, Jefferson’s handwritten copy was sent a few blocks away to John Dunlap’s print shop at 48 Market Street. Then, in January 1777, the Continental Congress ordered signed copies to be more widely distributed and hired Mary Katherine Goddard to do the job. In addition to being the first American woman postmaster, she operated the Maryland Journal, a Baltimore newspaper, and owned a print shop where the copies were made.