Best Western hit the media this week being reported to have been hacked and 8 million customer datasets being stolen. Best Western objected the news, mentioning they have no proof for such hack and they would delete their data anyway frequently.
Say WHAT? Corporations spend millions acquiring customer data and Best Western deletes them? Hmmm…
No matter, if this has been a newspaper hoax, there is something good in this. Who knows today, where data is collected, how it is stored, kept secure, who has access to it? How “secure” is “secure”? The Internet by definition is insecure. An old – even pre-WWW saying in IT: To have a secure system, remove all input… If a user in old DOS entered “format c: /u” the drive was formated irreversably. Oops, I forgot to backup that file? Too late. In my 2007 ASRA-presentation on Airline Sales & e-Commerce, my friends in ASRA joked that I would be paranoid… Today they know better, thanks to media coverage of data insecurities. I get increasing inquiries.
Most large corporates have a faulty and flawed security. Most even do not use encrypted communication with the most sensitive data they send through the web. Discussions on LinkedIn confirm the U.S. Department of Homeland Security to pick Laptops. Where does the data on them end up? Maybe your U.S. competitor has access to it?
But now we talk about personal profiles. Where is what data stored electronically about you? Have “they” told you they store the data beyond the immediate transaction? No. We only learn by security breaches becoming public that such behavior is not the exception but the rule. And thanks to the global networked world we live in, data is no longer limited to “my hotel”, “my supermarket”, “my anything”. But the hotel reports some or all of the data to the central server somewhere. Next you arrive in another city, they do have your address data on file. Hmmm… What else do they have???
And then we come to the new laws in the U.S., Germany and sure elsewhere, legally forcing providers to collect data and make it available to their government representatives. Said what? What is a “government representative”? Do I trust him or her? Not the government – I don’t trust “government”. But worse, “the representative”. Who controls the controller?
So sorry for the bad publicity Best Western, but thank you for another example to make people aware and think about their personal information. Did you ever read 1984? George Orwell did not even imagine what exists today!
Shift happens! Internet meet World. World meet Internet…