Wednesday, January 3, 2007

The Lost Wallet vs. The Mugging

According to the new round of disclosure laws that sprouted up out of state houses in the past couple years, if an outfit loses your data, they ought to let you know. The notice if familiar to just about anyone either attended an institution of higher education, applied for credit or was issued a Social Security card.

"Dude -
We lost your information in a way we may or may not describe to you.
The Man"

The Dude reads the letter, cusses, and hopes for the best.
Of course this doesn't work in the real world. Consider the alternative:
Dude loans his ATM card to his buddy to grab a sixer and pack of butts at the Sunshine Mart. Bud comes back without card nor highly taxable products. The Dude has some key risk assessment questions to ask, primarily, "Did you lose it, or were you mugged?"

This question is key, and when extrapolated to the Man's letter, exposes why disclosure laws generally suck in protecting the Dude. The Man isn't required to fess up as to the how and who of the incident, so the Dude can't make an informed decision. Does he call up the bank, cancel the card, bum butts and distill moonshine until the bank gets it all figured out? Or does he ask Bud to go crawl back into the Chevette and dig around between the seats?

SB1386 and its cousins don't require the Man to give the Dude enough information to make an informed decision. There's a difference between privacy and compliance. Compliance can really suck.

No comments: