Holding Data-Curating Organizations like Equifax Accountable for Security Breaches

I can’t speak on behalf of all 143 million people affected by the recent data breach at Equifax; however, I can say it intuitively seems that what it means to be a data point in someone else’s database is a growing concern among many digital-era natives.

In this modern American (and moreover global) society we aren’t necessarily asked if we consent to our identity data being procured and held by entities such as Equifax, TransUnion, Experian and others. One could argue that the nature of opening a bank account implies consent, but that’s unrealistic. We need a better way to assess the stipulations surrounding data ownership and the responsibilities that come with it, and we need lawmakers who understand the impact of legislative actions regarding data ethics.

These credit verification organizations are normalized in our society, but we don’t consider the implications of entities like Facebook, Google or others wielding the same power (it turns out your Facebook profile could potentially affect your credit score).

Google’s Eric Schmidt was quoted as saying that he believes big data is so precious that future nation states will fight over it (a sentiment that Elon Musk has echoed). With such prominent figures heralding data as something so valuable, isn’t it incredibly shocking to watch our most sensitive personal data be curated without our consent and then hacked beyond our reach?

“I think big data is so powerful that nation states will fight over how much data matters,” — Alphabet Executive Chairman Eric Schmidt

As far as the Equifax hacks are concerned: it’s like witnessing a real-life Fight Club scene play out in 2017, and I’m not sure if it’s glorious or terrifying. With promising developments in blockchain technology, the significance of a decentralized, secure and encrypted database to our society is becoming more apparent.

Xapo’s vault full of servers, 200 meters inside of a mountain in Switzerland. Via Fortune magazine.

Here’s something interesting: the above image (via September’s Fortune magazine) is of a cryptocurrency vault in Switzerland, 200 meters inside of a mountain, full of servers that have never been connected to the internet. In fact, the vault is operated by an organization in San Francisco called Xapo, which goes to extreme measures to make sure the data is secure, such as walking the servers off the production line in person.

What does this suggest? That our digital data is still very much a tangible, physical thing that requires a level of delicate attention and care — one that we would normally not attribute to something relatively ‘intangible’ like data.

As members of society who are subjected to the practices of organizations like Equifax for better and for worse, it’s important to demand a similar standard of care. A great place to start is hiring ethical hackers who know that the best way to prevent a hack is to intuitively understand your opportunities for intrusion, and then work backwards.

It’s easy to forget that our humanity remains at the core of our digital interactions. Allowing entities like Equifax to curate our data without our explicit consent and then to further dismiss the negligence as corporate mismanagement is, and should be, unacceptable.

Kelly Werner is a growth consultant with experience in Fortune 500, startups and mid-tier companies. Currently concerned about the state of ethical leadership for digital entities; particularly those involving human data. For more information or to talk about growth strategies that will help your business, contact directly at kelly@sagacitylab.com