I’m tired of yelling and complaining about data breaches. As a result, I think I’m going to change my tune.
Take, for example, Rocky Mountain Bank of Wyoming USA. An employee of the bank emailed sensitive details about 1375 customers to the wrong Gmail user, and now the bank is suing Google to discover who this anonymous user is, in an attempt to try and figure out just who they managed to gift their data to, and whether their gift kept on giving. In the meantime, the Gmail account of a completely innocent bystander has been deactivated by court order.
As I see it, Rocky Mountain Bank is in their own little hell right now – they are being widely ridiculed, they have initiated an expensive legal action that can only partially assuage their fear of exploitation by a third party, they have at least 1375 really pissed off customers, and they have incurred some amount of liability and/or responsibility to those customers should their data be criminally exploited in the future.
You can think of these guys as one more incompetent organization and call them names. Or you can think of it as one more organization whose eyes have been opened to the cost and danger of playing fast and loose with customer privacy. Perhaps we simply have to hit a tipping point where enough people are close enough to enough victims that our societal internal risk meter changes. If you look at it that way, every breach can also be viewed as an education… and I’m a big fan of education.
So congratulations Rocky Mountain Bank on having your eyes opened as a corporation, serving as an example for others, and personally educating 1375 otherwise clueless end users. It is appreciated.