Some simple, cheap measures could help protect personal data.
The theft of data, often involving personal information about customers and employees, is increasing dangerously fast. After data on 40m credit-card accounts were stolen from the computers of a data-processing firm based in Atlanta, Georgia, business leaders and politicians everywhere are taking notice.
Data theft accounted for over $50 billion in losses last year in America alone. Careless information-security practices have left vulnerable the personal information – such as financial details, health records and Social Security numbers – of around 50m Americans.
Europe has avoided the spectacular data-protection problems that have been happening in America. That may be in part because it started do take the problem seriously a decade ago. The European Union’s 1995 data-protection directive requires firms to assess their data-protection practices and to document how they handle sensitive information. These simple rules have encouraged firms to address the issue of data security. But the biggest weakness of the European directive is that it does not require firms to report privacy breaches. As a result, it is impossible to say how effective it has really been.
In Japan, companies have to make a public announcement when privacy breaches take place. America and Europe should do the same.