In Metro Atlanta we have watched as Fox5 in reported that Clearfly customer's are concerned over personal information they provided to obtain a Clearfly boarding pass. The benefit of the Clearfly boarding pass allowed individuals to quickly bypass the lines passing through the metal detection process. It must be noted here that the planes did not leave any earlier and when you have used your Clearfly pass you were able to sit at the gate a little earlier.
The question raised, what will happen to all the data that was provided by individuals applying for the Clearfly pass? The information provided was quite extensive and all data provided is linked to the individual's identity and stored so that the individual could obtain the pass. They realize now that the exposure to identity theft for a few minutes of convienience is now a problem.
I am amazed how Clearfly answered the question and illustrated how it address the issue of preserving the identity of its customers. Keep in mind the customer paid a $199 fee for a service that they will not receive plus they provided Clearfly with very specific information linking them to that information. It illustrates well some of the mistakes done in everyday operations of companies who process data that contains personal information and are not compliant when it relates to Work Place Identity Theft.
Georgia Senator Johnny Isakson statements are justifiable and certainly need to be addressed. What was reported by Fox5 was "Officials with the company, Verified Identity Pass, said it's wiped all airport kiosks clean of personal information using a "triple" wipe process, which automatically and completely overwrites the contents of the entire operating system." Are you kidding me! Let's just look at the process.
There is much controversy that revolves around drive wiping. Many manufacturers of software designed to recover this type of data state they can recover most data. According to CNET, you have to do the "drive wipe" the drive the correct way. Let's think about it, do you think that a company that is bankrupt is going to make sure that all the drives are taken out, wiped clean by the three process and are going to pay for this service when the company has been reported that it has run out of money? Another issue I see, is that if they ran out of money some time ago, do you think they put into place the necessary steps to protect the identity of the customer in the first place?
Get real. There is only one process that will guarantee that the data can never be recovered and be used for Identity Theft. You have to shred the hard drive. When you shred a drive it is impossible to recover the data. Now to do that every drive, tape backup associated with server backups and off site backup would have to be discovered and shredded. Don't hold your breath, my bet is that not one drive will be shredded. If they did not put the processes in place to protect the identity of customers from the beginning that data has already been compromised.
In Georgia, Cobb County alone has over 4000 individuals affected every year by Identity Theft alone and nationally over 10 million have been effected up over 22% in 2007. Senator Isakson is right on the money when he stated that customers should be very concerned. Some things to learn from this,
- Stop giving out so much information for a convenience. 98% of all companies that take your credit cards are not PCI Compliant, 99% are not Red Flag Rules Compliant and that is just the beginning.
- If you are afraid of lines in the airport, go earlier, do I need to say any more on this one?
- Retinal eye scans and finger prints, are you kidding me! That identity information does not have laws protecting the information when it is given that I am aware of. If you provide someone that information, you do not have a legal recourse of protection or compensation whatsoever.
- When you read the financial reports on Clearfly's parent company the question raised should be how did a company with such little revenue ever get into the airport to prey on individuals in the first place. No wonder they did not stay in business. So, the lesson here is do a little homework before you spend 200 dollars for a small convenience to an unknown company.
If there is any one thing I can mention here is stop giving out personal information unless you want to take the thousands of hours fixing your Identity. In my opinion, the FTC should crack down quickly on this one early so that the data associated with this company does not become compromised any more than it probably already has.
As in other areas of security, Rottweiler Security takes serious the protection of our customers from Identity Theft.
