In this column Mr. Rasch states that consumers "only voluntarily provided this information to Northwest because the airline made certain promises and representations about its privacy and security." I don't quite believe this is true. I provide that information to the airlines in order to book a flight, something consumers did long before any privacy/security laws were in place. I do hope that the airlines (in this case) would take reasonable precautions with my data as identity theft/fraud is a problem. But if they don't will I stil fly with them - possibly, but I may try to find another carrier as well.

As for the liability - isn't this in some ways to be expected? If I, as a trusted employee, take a database of client information and give it to whomever (competitor or gov't agency, etc.) should my employer be held responsible? This assumes that my employer has implemented (again) reasonable security precautions against unauthorized disclosures.

And a minor point - it is 'HIPAA', not 'HIPPA'.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/257/27725#27725