May 04, 2011, 2:03 PM — The data-breach and personal-information-theft stories have been so thick recently it's hard to find time to write about anything else.
They number of breaches and ease with which they're made make it hard to imagine how we can continue to do business online if we have to assume – no matter how carefully we protect our own data – that some vendor or service company that isn't so careful will leave a door open so all our financial data can escape and start a new life for itself in China or Eastern Europe.
One in 10 Americans has been a victim of identity theft, according to this nifty graphic that aggregates data from multiple sources (and which you'll have to magnify to see clearly) .
The average number per year ranged between 8.1 million and 11.1 million from 2003 and 2009. The average cost per consumer was $4,581; the average total nationally was $54 billion. Repairing a stolen identity takes 330 hours on average; in some cases it has taken 5,840 – the equivalent of two years of full-time work.
Businesses with 500 employees spend an average of $110,000 on password management -- $220 per user per year – according to an RSA study on password costs.
Stolen data is so common, there's a relatively standard price list to rent or buy many bits of it.
One possible solution is to give every consumer a way to control what personal information is supplied to whom, when and under what circumstances. Not just whether to send the Visa number to Sony to pay for a month of Everquest, but for how long Sony gets to see the Visa number (if at all) so the transaction can be completed and our personal information can be automagically deleted from Sony's databases, so it won't be stolen.
Nice idea. Almost impossible, technically.
One alternative is a national ID system that serves as a central, secure repository of personal data over which individual consumers have control.
That might solve some data-theft issues, while raising others – the potential for abusive invasion of privacy and covert surveillance by government agencies ranging from the IRS to the local Parks and Rec. Department being the first that come to mind.