With the 2014 holiday season coming into full swing, Americans will spend more than $600 billion, a 4.1% increase from last year. But it’s not all glee and twinkling lights out there. According to the Credit Union National Association, a recent poll showed that 45% of credit and debit card users will be thinking twice about how they shop and pay given the tens of millions of shoppers affected this past year by security breaches.
What is our personal information worth?
Stealing identities is a lucrative pastime for those with criminal intent. The Black Market pays between $10-$12 per stolen record, and that is just the base price. When enriched with health data, the value is as high as $50 per record, because it can be used for insurance fraud.
Are the thieves getting smarter or are we getting sloppy?
With ubiquitous access to technology globally, general acceptance to online shopping and the digitization of health records, there is more data online with more opportunities to steal our data than ever before. Unfortunately for shoppers, 2013 was known as ‘the year of the retailer breach,’ according to Verizon’s 2014 data breach report. Unfortunately for patients, healthcare providers were most noted for the highest percentage of losing protected healthcare data.
So what can we do to be smarter and safer consumers?
No one wants to bankroll the thieves’ illegal habits. One way to avoid breaches would be to regress 20 years, drive to the mall and make our purchases with cash, or go back to completely paper-based healthcare. Since that isn’t going to happen, here are a few suggestions to avoid being on the next list of victims:
- Avoid irresponsible vendors and providers by being an educated consumer
Sites such as The Identify Theft Resource Center (http://www.idtheftcenter.org/id-theft/data-breaches.html) and U.S. Department of Health and Human Services (www.HHS.Gov) expose the latest breaches in retail and healthcare, respectively. Look up who you are buying from and receiving care from and make sure they are doing everything they can to protect your data. If they didn’t respond in a timely fashion, tried to hide the breach, or didn’t implement new controls to protect your data, avoid them. Or take your chances knowingly.
2. Expect to be hacked and plan for it
Most organizations you trust with your personal information have already experienced a breach. In fact, according to a recent survey conducted by the Ponemon Group sponsored by Informatica, 72% of organizations polled experienced a breach within the past 12 months and more than 20% had two or more breaches in the same timeframe. At the moment, given this sad trend, practicing good password hygiene is your best protection. Change your passwords frequently and work on making them strong. When setting passwords, avoid using words or phrases that you publicly share on Facebook or other social sites. When answering security questions, most security professionals suggest that you lie!
3. If it really bothers you, be vocal and engage
Raise your voice and let policy makers know which way the wind is blowing. Many states are invoking legislation to make organizations accountable for notifying individuals when a breach occurs. For example, Florida enacted FIPA – the Florida Information Protection Act – on July 1, 2014, which stipulates that all breaches, large or small, are subject to notification. For every day that a breach goes undocumented, FIPA stipulates a penalty of $1,000 per day up to an annual limit of $500,000.
The holiday shopping season is already in full swing as major retailers are re-writing the seasonal calendar to push presents into your mind while you’re still planning for Thanksgiving. Now is the perfect time for you to ensure that you’re making the best – and most informed – purchasing decisions. You have the ability to take matters into your own hands. Think about your data first and keep it secure this year and every year.
Julie Lockner is vice president,of product Marketing, Data Security and Archive for Informatica