Apple and Other Tech Firms Must Fix Customer Security Glitches

Last Updated Jul 12, 2010 11:52 AM EDT

Apple (AAPL) has already had a bad month when it comes to consumer privacy. The iTunes store got hacked within a week of 400 iTunes accounts being defrauded. Rogue developers allegedly broke into customer accounts and charged goods in an attempt to artificially push their product sales higher. In a separate incident at the end of June, a woman brought her older iPhone to an Apple store to upgrade to iOS 4. When she walked out, someone else's contacts, emails, and photos were on her phone.

This big issue is more serious than Apple's tendency to pretend its product problems don't exist. Consumer privacy has become a major topic for regulators and politicians -- to say nothing of consumers. It's not a concern for just Apple. Such companies as Google (GOOG), Microsoft (MSFT), Facebook, Twitter, and AT&T (T) have all dealt with major privacy issues. Unless the industry finds better ways to handle customer data, tech firms may find state and federal governments beginning to set policies and make decisions for them.

In Apple's case, the iTunes incidents seem due to insufficient fraud prevention tactics. It was clearly an egregious mistake to copy data from one customer's phone to another. I spoke with several Apple store representatives who said an iOS 4 upgrade is supposed to reset the phone and wipe clean all data -- the store is to add nothing to the device. In short, all the incidents were due to sloppy business practices.

But let's not demonize Apple. Plenty of high tech companies have made a hash of customer privacy and data security:

It's not that high tech is the only industry that has repeatedly stumbled when it comes to customer data. Anthem Blue Cross had a data breach involving 230,000 members because of a badly implemented web site. Hackers gained personal and medical information regarding 4,585 University of Maine students from Internet-facing servers. Such data breaches are common, and generally seem due to poor planning or execution.

And yet, there is a difference between high tech and other industries. Companies in the former category make a living from enabling electronic data storage and use. They are the ones that argue data can be safe -- only to offer proof that it is not. And when companies in other industries fail, it's still generally because of technology, so high tech becomes the indirect target for consumer anger.

As data breaches continue, they will slow user acceptance of new business tools -- and encourage oversight from government regulators and elected officials who have already become wary of how well companies protect consumer information. Given the high tech track record, maybe that is necessary. The industry has had years to improve its practices. Perhaps it needs some arm-twisting help. European-style privacy laws, anyone?


Image: user woodsy, site standard license.
  • Erik Sherman On Twitter» On Facebook»

    Erik Sherman is a widely published writer and editor who also does select ghosting and corporate work. The views expressed in this column belong to Sherman and do not represent the views of CBS Interactive. Follow him on Twitter at @ErikSherman or on Facebook.