RANT: Securely storing Personally Identifiable Information (PII)

Quick rant here.  I came across another article about a company and their data being compromised.   I use “THEIR” very loosely here, as it typically means OUR data (read for what I mean with PII).  

Tivo had their email database hacked, which is leading to a bunch of spammers getting access to valid email accounts.  While this isn't as bad as the Gawker incident, it is still a concern. My email address and password had to be changed on their site due to the security breach.  It is a hassle. (and risk)  PII is largely talked about with regards to health care and HIIPA, but in my view, people storing your personal information should be as concerned about protecting their customer data as those in other, more secure sectors.  

There are some best practices when it comes to storing and retrieving data, but by all means.. storing passwords in clear text has to be the dumbest rookie move ever.  (GAWKER).  Beyond that, let's try to get people to be responsible.  I'd like to see a certification of sites that safely store my PII.  At least that way I know how often and who I need to watch when storing certain data.  

Word of the day?  Encryption.  Hell.. at least use and MD5 hash or something!  🙂  

Tivo-hacked

Permalink | Leave a comment