DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

No law, no investigation. So change the law!

Posted on December 17, 2009 by Dissent

On August 28, Missouri’s new data protection law went into effect. Fat lot of good it did for past clients of Nationwide Credit Counseling. When their financial records, replete with personal information, were found in bankers boxes in a dumpster , were they notified of the breach? No. And was any action taken against the company for just dumping their data? No.

OzarksFirst.com, which broke the original story, now reports:

Police are dropping the case against a suspect who threw away sensitive documents in a dumpster in Battlefield….. Dave Vallely, Battlefield police chief, says the company that owns the dumpster does not want to prosecute.

Investigators found a suspect, but now they will close the case. Vallely says he does not believe any crime other than illegal dumping was committed.

Missouri’s data protection law does not cover paper records or paper breaches. So Nationwide may have exposed numerous people to identity theft or fraud and get off scott free.

Nor does H.R. 2221, the Data Accountability and Trust Act, include required notification of breaches involving paper records.

If consumers are to have trust, we need to trust that our personal information will be protected, regardless of whether it is in paper format or electronic. As the ITRC’s press releases this year indicate, paper breaches now account for 27% of all breaches included in their annual statistics. Any proposed federal legislation that does not include both protection of paper records and disclosure of paper breaches is incomplete and should be amended.

Category: Commentaries and AnalysesFinancial SectorOf NotePaper

Post navigation

← Former Lone Star National Bank VP convicted of bank fraud
Autopsy reports altered in data breach at WDH: Frisbie says it will notify families of deceased →

2 thoughts on “No law, no investigation. So change the law!”

  1. 4justice says:
    December 17, 2009 at 9:58 am

    Another great example of how casual our authorities treat this crime. Unfortunately, most of our media would have everyone believe Identity Theft is contained to only financial, and by having a monitoring service you are safe. A thief can get a whole lot further and instill tremendous damage with a social secuirty number and drivers license info than with a credit card and checking account. Our stolen information is a valuable resource to be sold for quick money by the criminals.

    My social secuirty number being sold to 12 illiegal immigrants working at 12 additional jobs in the nation is not going to surface on my credit report nor is the warrants I have for my arrest for crimes someone committed using my personal information. That is why these AG’s need to force these companies to pay for a total restoration services company for those whose information has been breached by a negligent company. An individual cannot cover the five major areas of Identity Theft. We have an epedemic on our hands.

    1. admin says:
      December 17, 2009 at 10:21 am

      I agree with you, but as we both know, the AGs can’t enforce laws that don’t exist.

      This site and its companion sites routinely report breaches that do not involve SSN, financial data, or credit card data. This site also reports paper breaches and breaches that do not affect huge numbers of people, precisely because I think legislators and the media still don’t “get” that while they focus on one aspect of ID theft or fraud, they are missing other significant problems.

      One of the biggest examples I see of this is in reading Medicare or Medicaid fraud stories or press releases. Medicare and Medicaid fraud frequently involves medical ID theft, yet most of those press releases never report how the fraudsters obtained the patient Medicare and Medicaid numbers used for fraud, do not mention whether those patients whose numbers were misused were ever notified, and there is no indication as to how many might have had problems because their medical insurance records not contain false information. And when the fraudsters are sentenced, there is no indication that they are required to pay restitution to patients who may have to spend time and money to straighten out their records.

      For some people, a breach may mean simply calling a bank, getting a fraudulent charge reversed, and getting a new account number and notifying people of same. For others, the consequences are much more serious, as you note. I was horrified to read the story of someone who had suffered for 35 years because of ID theft.

      So I’ll keep beating my little drum over here in my little corner of the blogosphere and hope that others will join in and that many more people will let Congress know that what they’ve proposed to date is not nearly comprehensive enough. And I hope Congress finds its cajones to undo what HHS has done in watering down the breach notification requirements under the HITECH Act.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Dutch Government: More forms of espionage to be a criminal offence from 15 May onwards
  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)
  • Private Industry Notification: Silent Ransom Group Targeting Law Firms
  • Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
  • PA: York County alerts residents of potential data breach
  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.