Sunday, September 28, 2008

Why So Apathetic?

Every so often, I see expressions of frustration from identity theft professionals, or people who care about data privacy in general, that people are so inexplicably apathetic. For example, in the comments to a previous post, Jason Dickens at Prosperity Protection opined that "The general public just doesn’t take this stuff seriously." Similarly, my friend Jack Dunning temporarily shuttered his blog because of what he saw as public apathy (see here).

As I have noted before while consumers are, in fact, appallingly apathetic about their privacy, they are highly concerned about identity theft. In my previous post, I recommended that, if you want someone to care about privacy, you should try and explain that lack of privacy leads to a greater risk of identity theft. However, it occurs to me that there's more to it than just drawing the connection between privacy and identity theft. Consumers also need to know that what appears to be a common approach to trying to protect against identity theft - curtailing online shopping - isn't appropriate. A good example of this approach, and it's ineffectiveness, is provided by this article, which stated that, as a result of (then) recent data security breaches, some consumers were refusing to make credit or debit card purchases with online merchants they didn't know. Of course, even ceasing to do business over the internet entirely would do absolutely nothing to protect against something like the TJX breach, where thieves exploited vulnerabilities in network security at TJX's brick and mortar stores.

Once consumers have a more realistic understanding of the ways that identity theft actually takes place (and yes, obviously internet use is a part of it, as the continued popularity of phishing scams shows) I would think it would be substantially easier to convince them that they'd be better off paying attention to their privacy that they would retreating from the internet.

1 comment:

John Taylor said...

Thanks again William,
As you correctly pointed out retreating from the internet isn't going to stop identity theft. If you recall I got a piece of recycled paper from our county courthouse that had a photocopy of a check entered into evidence over a year ago on the reverse. It has happened a second time. On my blog,
I have a graphic called the "Data-Based You" that shows there are thousands of lists and databases containing our personal information. Anyone of which if breached or lost can wreak havoc on our good name for years. I have yet to meet a single identity theft victim who cared which database was the source of the theft. They are only concerned with the fallout they have to deal with. It seems from my experience that a lot of people are pretty apathetic about identity theft until it happens to them. Thanks again for all that you do to keep the public informed.