FlyerTalk Forums - View Single Post - Orbitz Hacked: Customer DOBs leaked thanks to DHS/TSA Secure Flight
Old Mar 23, 2018, 12:18 pm
  #6  
seawolf
Originally Posted by studentff
Storing superfluous unnecessary personally-identifying-information (PII) aggravates the severity of data breaches. Most reasonable organizations have policies to minimize PII collection/storage to the minimum necessary to complete a business purpose. Exact DOB would be irrelevant to booking/completing air travel if it weren't for DHS/TSA policy.

Sure, Orbitz is responsible for the data breach. But DHS/TSA architects of "Secure Flight" are responsible for sensitive information like DOB being stored at Orbitz.

(And in a perfect world, financial institutions wouldn't store DOB either. They would do whatever authentication they need/want to do when the customer signs up and then destroy the sensitive information and just keep an electronic indicator that the customer was authenticated. Companies will start learning these sorts of techniques over the next few years if they are held vigorously and expensively accountable for the impact of data breaches.)

Which business organization minimizes PII collection/storage while ignoring regulatory requirements applicable to their business?

I'm sure many HR departments would love to have employees working (business purpose) without having to handle the labor and taxation requirements and the PII involved. So I suppose if an HR file was breached, you would blame IRS/DOL for requiring employers to store/report SSN information to support income withholding?

Meeting regulatory requirements is a part of doing business. If businesses can't meet regulatory requirements while keeping information safe, then they should get out of the industry they are in.