At a glance.
- Verizon's Mobile Security Index finds that speed, expense, and convenience continue to compete with security.
- Wells Fargo settlement shows a large penalty for easily overlooked business misconduct.
- Well-intentioned social media posts may have unintended lasting consequences.
Verizon's Mobile Security Index suggests that security and privacy still compete with other business imperatives.
Out just this morning, Verizon's 2020 Mobile Security Index reaches the perennial and unsurprising conclusion that security and privacy concerns continue to compete with other business imperatives (notably speed, cost, and convenience). Regulators' growing interest in protecting consumer privacy has, however, proven a spur to many organizations, goading them to improve the ways in which they collect and handle data. The most prominent and influential regulatory regimes have been the European Union's General Data Protection Regulation (GDPR) enacted in 2016 and in effect since May 2018, followed by California’s Consumer Privacy Act (CCPA) passed in 2018 and in force since January of this year. More US states have privacy regulations in the works. Verizon says that more than a third of the US population lives in a state where privacy-protection laws have either passed or are under active legislative consideration. Compliance failures, of course, exact a penalty: "Twenty-nine percent said they’d suffered a regulatory penalty as a result of a mobile-related security compromise."
Fake accounts cost Wells Fargo a $3 billion settlement.
Wells Fargo will settle US Justice Department of Securities and Exchange Commission investigations with payments totaling some $3 billion, the Wall Street Journal reports. The agreement resolved both civil and criminal investigations, but under a deferred prosecution agreement the Justice Department reserved the right to bring criminal charges at some future date. In the settlement the bank admitted that it “unlawfully misused customers’ sensitive personal information.” The case is interesting because Wells Fargo's misbehavior was a result of corporate culture, and of that culture as shaped by corporate policy. The bank didn't direct its low-level employees to create bogus or unwanted accounts, but its incentive system and pressure to increase sales led those employees to do just that, and Wells Fargo lacked the effective oversight mechanisms to detect and stop what would have appeared, taken individually, as minor infractions. Taken as a whole, however, they amounted to significant business misconduct.
The problem began in 1998, when Wells Fargo strategy shifted toward greater reliance on sales growth, with correspondingly high pressure on employees to "cross-sell" existing customers other products. By 2004 and 2005 internal investigations warned top management that the bank had a fake account problem. By 2012 regional managers were warning Wells Fargo's head of consumer banking that unethical sales practices had become uncomfortably common. The misconduct came to public attention in 2016, and the bank's initial response was to blame (and fire) low-level employees.
The abuse of customer data wasn't without effect on the customers themselves: a significant number of them suffered damaged credit scores as a result of the bank's misuse of their personal information.
Online stories arouse bullying as readily as they do sympathy.
A CNN op-ed recounts the sad story of a nine-year-old Australian boy, a sufferer from achondroplasia, whose mother posted a video to Facebook of the child weeping in despair over the ways in which he was bullied. The mother's intention was to show people the effects of bullying in the hope of inspiring them to stop. The video indeed drew many expressions of sympathy and support, but it's also spawned a widespread conspiracy theory about fraud, scams, and bad faith. (See BuzzFeed for a summary of the gratuitously ill-willed, knowing, and falsely sophisticated opinions being retailed.) The CNN op-ed argues that it might be better to keep such appeals off the Internet, and consider the children's own right to privacy.