Archive for the ‘Identity Theft’ Category

Who’s Accountable For Allowing Identity Theft?

Monday, August 25th, 2008

Paul Venezia has written a nice article that talks about holding corporations accountable for identity theft. Basically, if somebody steals my data from TJ Maxx, then TJ Maxx should be held responsible for it.

Having had my credit card number stolen from a company before, I think he’s on to something here. There’s simply no recourse for me against a company who puts my identity out there for somebody to take. In my case, I joined a class action suit against the company and was mailed a check for $2. That’s what my identity was worth to this company - 2 measly dollars.

Almost every day we hear about laptops being stolen that contained thousands of Social Security or credit card numbers. Oftentimes we learn that all of this data was sitting in Excel spreadsheets somewhere on the computer.

There’s no valid reason that my Social Security number should be in an Excel spreadsheet anywhere.

It’s bad enough that way too many companies require this number for non-Social-Security-related purposes, but I shouldn’t have to even entertain the idea of my data sitting on somebody’s laptop in a coffee shop.

Paul’s proposed law calls for penalties for companies who don’t follow acceptable security practices, but I don’t think that’s enough. It may be time to examine some of our laws and add a clause about how we can store sensitive data.

There’s simply no reason that any of this information should be on a laptop, cell phone, memory stick, iPod, portable hard drive, or voice-activated electronic diary. It should all be encrypted and password protected on a server that requires an authenticated user to access. It shouldn’t take a law to accomplish this; we should all be doing it already.

Having said that, now is a good time to look at your own business and how you store data. Are you storing data that you don’t really need? A good example is companies that store credit card information for one-time sales. Having previously coded several e-commerce websites, I always made sure that we had no record of a credit card number on our server after we were done processing it.

What about Social Security numbers or driver’s licenses? Are you storing them in a database in plain text format? What kind of information is on your employees’ laptops? Is it essential that they be able to take that information home with them? If so, how is it protected?

Asking yourself these simple questions can prevent you from suffering PR nightmares like the ones TJ Maxx and Best Western are currently going through.

Keeping Your Accounts Secure

Wednesday, January 30th, 2008

What’s your password? Shh! Don’t tell me, just think about it for a second. Do you recognize it in this list:

  • password
  • 123456
  • qwerty
  • abc123
  • letmein
  • monkey
  • myspace1
  • password1
  • blink182
  • (your username)

If so, please stop reading and go change it (but don’t forget to come back here!)

The list above is the top 10 MySpace passwords according to PC Magazine, but if we add in the “Hackers” popular passwords of god, sex, love, and money, there’s a good chance we’ve guessed one of yours.

So why am I talking about passwords? It’s because I just had one of my email accounts cracked. The cracker then used my email account to gain access to other accounts of mine on different websites. All in all, it took a long time to repair what little damage they did; and it would have been a lot harder if I hadn’t caught it before they locked me out of my email account.

Don’t let somebody steal your online accounts. Here are some tips you can follow to make sure your accounts are secure:

  • Don’t use the same login on multiple sites
  • Don’t use the same email for all your accounts
  • Use different passwords on every site
  • Make your passwords secure. If you need help generating one, try this tool (you don’t have to use all 63 characters). Another great technique is to think of a mnemonic like “four score and seven years ago” and turn it into a password like “4Sa7Ya” (just don’t use that one!)
  • Change your passwords at least once a month.
  • Don’t give out your passwords to anybody, or any untrusted websites.

I know that secure passwords can be hard to remember, but that’s where Demoxi can help. Passwords stored in Demoxi are stored on your own computer - so there’s less risk of somebody hacking in. They’re also encrypted, so nobody will be able to read them without logging in to your Demoxi account on your computer.

Good luck.
