It’s a cliché to compare the Internet to the "Wild West", but after 145 million eBay customers had their details leaked in one of the worst digital robberies of all time, it’s a cliché that looks likely to stay with us for awhile.
In Britain, the Information Commissioner is about to launch an investigation into eBay with a view to levelling a considerable fine against the firm, while Connecticut, Florida and Illinois have teamed up to look into the breach over in the States. Governments are losing their tolerance for companies hoarding data they cannot secure.
No amount of investment or clever strategy can guarantee data will not be stolen, but this does not mean reasonable standard should not be set and met if companies wish to continue trading. The EU data protection regulations due by the end of this year are one measure by which companies’ lust for data will be restrained, and a much needed one at that.
Much of what was taken in the eBay attack was the basic data businesses need to transact. As Hugh Boyes, the Institute of Engineering and Technology, says: "As an occasional eBay user, I am concerned that not only have they lost my email, username and password, but according to their website the loss includes home address, phone number and date of birth." As he points out, that’s enough for his identity to be stolen.
The trouble is that companies are trying to take much more than that basic data. Business analytics now allows firms to track an employee’s every interest, and there is potentially big money in this big data. Eager executives are pitching products with an ever greater reach, and yet companies cannot secure the relatively limited information they have now.
Coupled with increasing privacy concerns in a post-Snowden Europe, and even similar signs across the Atlantic, the lines around what data a company can carry are about to be radically redrawn. The backlash against eBay is showing that customers will soon be demanding much more from their companies. And about time too.
