[IP] more on LAST TIME I USE HOTELS.COM djf Ernst & Young laptop loss exposes 243,000 Hotels.com customers
Begin forwarded message:
From: Phil Kos <PhilK@xxxxxxxxxxx>
Date: June 2, 2006 8:08:36 PM EDT
To: David Farber <dave@xxxxxxxxxx>
Cc: Bill Stewart <bill.stewart@xxxxxxxxx>
Subject: Re: [IP] more on LAST TIME I USE HOTELS.COM djf Ernst &
Young laptop loss exposes 243,000 Hotels.com customers

This is a difficult issue that affects all of us to some extent, and
does not seem to have any simple solution -- if it has any solution
at all.

Dr. Farber, you gave your information to Hotels.com. Presumably,
they had assured you they would protect it, or you wouldn't have done
so. And presumably their assurances included (boilerplate)
statements to the effect that, while they would feel free to share
your information with partners if necessary for business purposes,
any such partners would be required to provide equal protection for
your information.

So what do YOU do in a situation like this, where the partner (in
this case E&Y) fails to live up to the bargain they made with
Hotels.com? You have no contractual relationship with E&Y, so you
can't expect any satisfaction from them. I suppose you could try to
hold Hotels.com responsible, but they'll just skate based on the fact
that they followed "industry best practices" by "requiring"
protection from E&Y, so they've satisfied any obligation they had to
you.

It might be satisfying to merely stop dealing with Hotels.com as you
stated, but real damage has been done; so I wouldn't feel that it was
sufficient. And it's also problematic, because all companies are
vulnerable to such breaches by their partners, and all companies have
partnerships like this; so it's not like there are any real
alternatives.

To me, the problem seems to be that we are frequently forced to agree
to these transitive trust relationships without any corresponding
reverse transitive responsibility. When we trust a company we're
explicitly doing business with, we implicitly trust the partners they
explicitly do business with, yet we ourselves have no leverage over
those companies. I find this not only unsatisfying, but downright
disturbing -- to the extent that I choose not to participate in many
commercial activities because of it, and only rarely give out
personal information to anyone, for anything (usually only when
required by law, or necessary to obtain critical services).

I had to get a new credit card two years ago because a processing
company used by my travel agency managed to lose a huge pile of
credit card numbers. There was no satisfaction I could possibly get
from the processing company. I have not used the travel agency since
then, but that was not intended to be punitive: I never felt that
there was anything I could possibly do that would prevent such a
thing from occurring again in the future, including using a different
travel agent, so there didn't seem to be any point.

I would like to hear what you end up doing in this situation, whether
it satisfies you, and whether it seems to have any other positive
effect. As I said earlier, this is a difficult problem; and I'm not
sure there is any satisfactory solution.

Mr. Stewart makes an interesting point (if I read him correctly) --
that the fault is truly E&Y's, but because of consolidation in their
industry, there are virtually no alternatives to E&Y, so Hotels.com
is essentially helpless to improve the situation, and punitive
actions against them are therefore misguided. However, this is
perhaps the most deeply unsatisfying piece of the whole puzzle. Can
this really be as good as it gets? If so, why do we trust any of
these companies with ANYTHING? Are we all really at the mercy of the
weakest links, with no hope for improvement?

Despondently,
Phil Kos
Issaquah, WA