The letters I get from companies informing me of a data breach exposing my information vary in their apologetic language, with some groveling more than others for the carelessness. But I've yet to see one lead off with a commitment to keep less of my data.
You collect this sensitive information; what do you do afterwards if you don't need it for another purpose? asks Jessica Rich, senior policy advisor for consumer protection at Kelley Drye & Warren and a former director of the Federal Trade Commission's Bureau of Consumer Protection. You delete it, because if it's deleted it can't be breached. And if you must keep sensitive data, store it encrypted until somebody actually needs to see it for a valid business purpose. Privacy professionals have been advocating that for years.
Sievert's missive did not get into what the carrier thought it was doing holding on to full SSNs years after people had signed up for serviceeven after having seen this movie before, in the form of a 2015 data breach compromising some 15 million customer files. Asked if T-Mobile had implemented any data-minimization practices since, company spokesperson Bennet Ladyman says its measures include honoring consumers' requests to review and delete their personal data [...] Corebridge Financial, parent firm of multiple financial-services companies, lost the data of my wife and I along with other customers because of its usealong with numerous other firmsof the vulnerable MOVEit file-transfer serviceits apology did not mention data minimization either.
[
Collection
]
[
|
...
]