FTC Hasn’t Gone Far Enough on Security

The selling of personal data by a credit-reporting agency is undoubtedly not the only leak in personal information security that the FTC needs to plug [“FTC Orders Trans Union to Halt Sales of Credit Data,” March 2].

The pool of personnel capable of stealing and misusing an individual’s identity is being dramatically widened by the insistence of banks, credit card companies and online Internet billing retrieval software (such as Quicken) on using one’s mother’s maiden name as the de facto password.

Standards and processes need to be set up such that personal information required by one organization cannot be accessed or used by others without the individual’s overt permission.

MICHAEL ERNSTOFF

Mar Vista