One of the saddest stories related to privacy and protecting your personal information - and one of the reasons I entered the field - is about Rebecca Schaeffer. Rebecca was an actress just beginning her career and on the rise with a successful sitcom, when her personal privacy was breached. That breach led to her death.
The story is well documented, with several shows describing the event and aftermath, including CourtTV. But to summarize, an obsessed fan went to the California Department of Motor Vehicles, and simply asked for Rebecca's address. There were no controls or policies to prevent the sharing of her personal information: the DMV simply gave an address upon request.
As a result, her stalker was able to visit Rebecca at her home, and shoot her.
I remember reading about this tragic event in the news and was upset to hear how simple the crime was to commit: just go to the DMV to get someone's address. I had always been a private person, but that was my first exposure to how important it is for others (the DMV in this case) to protect the information they have about me and others. Today, we are all familiar with data breaches, where our companies inadvertently lose the personal information of their employees or clients. In the U.S., stealing personal information is typically part of stealing an identity. In other countries, it can to kidnapping and ransom requests.
That was the start of my interest in privacy, information security - now called Cybersecurity - and Technology Risk Management.
This event also foreshadowed the rise of identity theft in the United States. If its that easy to get your personal information from the DMV, attackers could also go after credit bureaus and other sources. Unfortunately, many organizations, specifically credit bureaus, were reluctant to put additional controls in place to prevent identity theft: they make money by issuing credit. The more credit that is available the more money they make. Controls to limit identity theft would also slow down and limit access to credit by qualified consumers. Many credit bureaus were reluctant to put those controls in place.
Today, the good news most consumers are aware of identity theft and the importance of protecting their personal information. And options exist to limit access to credit information and monitor your credit profile.
Unfortunately, it just took so long to make that progress.