- Michael Fertik is the founder and CEO of Reputation.com, an online privacy and reputation management company. He is a member of the World Economic Forum Agenda Council on Internet Security and recipient of the WEF Technology Pioneer 2011 Award. The opinions expressed are his own. -
Last week’s Epsilon data breach is the Exxon Valdez of privacy. It is a wake-up call that it is time to reform our privacy infrastructure from the ground up, much as the Exxon Valdez oil spill of 1989 should have served as the wake-up call to reform our energy delivery infrastructure to prevent disasters like last year’s BP Deepwater Horizon spill.
On Friday, the email marketing firm Epsilon revealed that tens of millions of private names and email addresses were stolen, putting millions of people at risk of fraud. Intruders were able to harvest names and email addresses that belong to customers of companies like Best Buy, Capital One, and J.P. Morgan. Banks and retailers gave this data to Epsilon to run email marketing campaigns. In turn, someone penetrated Epsilon’s security and was able to download millions of names and addresses, which presumably are being sold on the black market at this very moment.
The immediate result will be literally billions of spam and fraud messages flooding inboxes around the world, many trying to trick users into giving up financial information to scammers. But the real impact of Epsilon is to bring home the dangers of corporate strip-mining of our personal information. Just as the Valdez spill proved that there is no perfectly safe way to transport petroleum, every incident like Epsilon should teach us that there is simply no perfectly safe way to transport and store massive amounts of private data.
Companies like Epsilon store your personal data in huge databases, each containing millions of pieces of personal information. Each of these personal information databases is like a supertanker plying the high seas. When everything goes exactly as planned, there is admittedly little risk. But, if the Exxon Valdez, the Deepwater Horizon, and countless smaller spills have taught us anything, it is that things always deviate from the plan. And no company can possibly foresee every way that data storage can go wrong: a disgruntled employee, a skilled hacker, a sloppy IT staffer, a new attack on web servers, or possibilities that we haven’t thought of yet—there will always be unanticipated flaws and unforeseen shoals.