25 Jul 2013

Former SEC attorney: government claims it will protect your data but ‘it cannot honor that promise’

By Madison Ruppert: According to a former attorney for the Securities and Exchange Commission (SEC), despite the government’s claims that it will protect your private data, it simply “cannot honor that promise.”
This is especially troubling given the growing presence of centralized systems in which massive amounts of private information is held, such as the Federal Services Data Hub authorized by the Affordable Care Act, better known as Obamacare..
The statement was made by Hester Peirce, who currently serves as a senior research fellow at the Mercatus Center at George Mason University, and previously served as senior counsel to Senator Richard Shelby’s staff on the Senate Committee on Banking, Housing, and Urban Affairs.
The government can earnestly promise that it will protect your data, but—staffed as it is with humans, some of whom are diligent but careless and others of whom are ill-intentioned—it cannot honor that promise,” Peirce wrote for The Hill.
She made her remarks in response to the latest instance of a government agency mishandling private information, in this case it was SEC employee data leaked by a former SEC worker.
In her article, Peirce raises concerns about the Consumer Financial Protection Bureau’s data collection practices.

The CFPB is “compiling a database of loan-level data,” according to Peirce. It also holds on to 4 percent of consumers’ credit records dating back a decade, though the agency says that all of this data is not tied to a named individual.
“The CFPB collects very detailed information about customers, such as credit card account information, directly from the firms it regulates,” Peirce wrote.
Despite the claims made by the CFPB, “The fact is, the CFPB does have some personally identifiable data and—using a little bit of elbow grease or the computer wizardry of its Generation Y workforce—can probably tie a named consumer to the allegedly unidentifiable data it has,” according to Peirce.
While the CFPB attempts to reassure Americans by saying that they store confidential information and data “according to information security requirements that comply with applicable Federal laws and regulations,” such statements are hardly comforting.
As Peirce notes, the SEC does the same thing as do the other agencies who have, in one way or another, released personal information.
Peirce points to a 2006 incident in which a Department of Veteran Affairs employee “lost—in a home burglary—electronic data containing sensitive personal information on 26 million of our nation’s veterans.”
The VA’s notice published at the time stated that the data released included names, addresses, Social Security numbers and even some information about individuals’ disabilities.
Peirce argues that breaches like the most recent one at the SEC should be expected since it just another human organization.
“That is why we ought to be awfully sure that regulators really need data before we start handing it over to them,” she concludes.

No comments:

Post a Comment