Privacy & the Octomom

According to the LA Times, bunch of folks just got canned by Kaiser Permanente for accessing the medical file of "Octomom" Nadya Suleman at the company's Bellflower Hospital . In total, 15 folks got the axe and another 8 were disciplined for inappropriate use of privilege to view information in Suleman's records.

It's a good start, and I applaud KP for taking a stand on this issue. Meaningful accountability is often absent when data security is at stake. With a broader perspective, however, the Ponemon Institute has identified a lack of accountability as a big problem in addressing data security at the corporate level.

According to the 2006 study, National Survey on Managing Insider Threats, 31 percent of companies responding to the study reported no single source of accountability for maintaining data security. The result? When a breach happens, fingers get pointed (usually down the chain to the poor souls in IT security), but no one suffers any meaningful consequences.

Unless and until folks in the big offices, whose titles are preceded by the letter "C," put their own skin in the game, there won't be much progress in addressing this problem.