Sunday, February 04, 2007

Consumer response and responsibility

Dissent, at the Chronicles of Dissent (part of Pogowasright) asks whether consumer stupidity plays a role in privacy breaches and the response. Dissent points to an article from my local newspaper, the Chronicle Herald, quoted below.

I can't say that Canadians are more prudent or insistent about their privacy than our cousins below the border, or more stupid. In my experience on the east coast of Canada, most folks around here are much more trusting of the companies they do business with. The cynicism from down south hasn't quite permeated this neck of the woods. One thing we generally are more tolerant of is government regulation, such as that governing privacy.

We have not yet seen any provinces or the federal government come up with mandatory breach notification, with the narrow exception contained in Ontario's health privacy law. In that regard, we are lagging behind most of the states in the US.

Winners reassures Canadians

Security breach did not involve cards issued north of border, says retailer

By AMANDA-MARIE QUINTINO The Canadian Press

TORONTO — Assurances from Winners and HomeSense that a security breach reported last month did not involve Canadian debit-card transactions isn’t making much of dent with customers of the two retail chains.

Not much can keep them from their bargain hunting.

The deals to be found at Winners makes the risk of becoming the victim of credit card fraud worthwhile, said Sherry Croney as she slowly sifted through the blouse racks at one of the chain’s cavernous stores in downtown Toronto.

Croney said she never uses her credit card when clothes shopping, and even if she did, a security breach wouldn’t stop her.

...

"Our computer security experts have now completed their investigation of the portion of our computer network that handles Winners and HomeSense transactions, and they have advised us that they do not believe that debit cards issued by Canadian banks were compromised in the intrusion," said a TJX statement posted on the Winners website.

I note there is only a reference to Canadian debit cards.... nothing said about credit cards.

1 comment:

Dissent said...

Thanks for sharing your impressions, David. I do think Canada is way ahead of the U.S. on actually investigating and dealing with breaches involving medical privacy. I periodically report stories where patients' medical records are found blowing down the street or where hospitals have had laptops with patient records compromised or stolen, and yet there has not been any serious investigation or charges -- or penalties -- under our HIPAA law -- or any other law for that matter.

Then, too, I see stories here about how people buy others' personal details and then put them up for sale on eBay or on the web. I don't think I've ever seen a story like that coming out of Canada, have you?

So even though you may be lagging behind us in notification laws, I think Canada is ahead of the U.S. in other important respects. The Herald Chronicle story surprised me as I would have expected the shopper's reaction here, but not there.