May 29, 2023

Personal Data Loss Regulations?

A law firm is asking what we’d like to see in draft legislation about identity theft.

The basis is that companies aren’t doing enough to help victims after their data is lost/stolen/compromised.

Here’s a few of my suggestions:

1. Stop storing information you don’t need. If you don’t automatically bill my credit card number, don’t store it.

2. Encrypt all that data you DO store. There’s no reason my SSN should ever be stored in plain text anywhere.

3. Stop storing my SSN on laptops. If you’re a US veteran, there’s probably 2-3000 laptops out there with all of your personal information on them. Laptops are easily lost or stolen and there’s no reason anybody needs to take my information home with them every night.

4. Make massive fines for data loss. I’m talking a 2nd occurrence should cause any company (including even a Google or Microsoft) to go bankrupt. There’s no reason for a first occurrence to even happen but without stiff penalties companies just don’t care.

5. Require companies send letters in the mail to anybody whose data may have been compromised and offer free credit monitoring for 1 year to all those possibly affected.

I myself had had my SSN and personal information stolen from an advertising company I once used (RMX Direct) and it can be a scary process. Sadly, there’s really nothing you can do once it’s happened. Cops don’t prosecute, nobody looks into it or helps you – you’re on your own.

What’s your take?

About Ryan Jones

Ryan Jones is an SEO from Detroit. By day he works as a manager of SEO & Analytics at SapientNitro where his team performs SEO for Fortune500 clients. By night he's either playing hockey or attempting to take over the world with his own websites - which he would have already succeeded in doing had it not been for those meddling kids and their dog. The views expressed here have not been paid for and belong only to Ryan, not any of his employers or clients. Follow Ryan on Twitter at: @RyanJones, add him on Google+ or visit his personal website:


  1. There needs to be more done on the part of the people who are enforcing identity theft laws ie the cops and people who look into it. I’m baffled every time I see or read another story where someone has had their identity stolen and the banks, credit bureau, and law enforcement are doing nothing to help them repair the damage but instead still making them pay for it for years down the road.

    I think your idea of imposing heavier fines is great and to help counter that, companies should invest even more heavily into online security and identity theft prevention personnel. Makes sense as the world becomes more and more immersed in web 2.0 right?