Print this article | Return to Article | Return to

Give Your Name but Not Your Number

Readers chime in with further thoughts on identity theft; why doesn't the CFO hold the IT department responsible for a better storage strategy?
June 22, 2005

CFO IT welcomes your letters.

Send to: The Editor, CFO IT, 253 Summer St., Boston, MA 02210.

E-mail us at: You can also contact a specific author by clicking on his or her byline at the beginning of any article.

Please include your full name, title, company name, address, and telephone number. Letters are subject to editing for clarity and length.

Kudos for your perspective about [companies] taking responsibility for identity theft ("The New Face of Identity Theft," Spring 2005).

It is extremely disconcerting that so many recruiting advertisements require online submission of an applicant's Social Security number as a required field before the applicant can successfully complete and submit an application. Some employers compound the potential vulnerability for identity theft by also designating the applicant's date of birth as a required field.

Due diligence and vetting will, of course, require disclosure of an applicant's SSN and DOB as part of the hiring process, but this is not necessary for all applicants. Only the finalists should need to provide these identifiers, and only if the Website is encrypted. Some of the more progressive employers offer an alternative check box in their online applications that allows an applicant to defer providing Social Security numbers until later in the selection process.

Nowadays, applicants are faced with some very tough conflicting interests when responding to recruiting advertisements. They must either compromise their identifiers in order to obtain employment or compromise their employment opportunities.

C.T. Seidl, CPP

I thought your article about identity theft was very informative. However, as someone who works for VeriSign, I was frustrated that you failed to mention anything about strong authentication, which is available in the form of a USB token. Such tokens are now playing a prominent role as ID theft becomes more of a threat to individuals and businesses alike. Larger companies are purchasing USB tokens from managed-security companies, like VeriSign and RSA, to issue to their employees, partners, or customers. When the individual uses the token, it authenticates the user and provides an added layer of security to reduce the risk of ID theft. With the adoption of strong authentication, ID theft will become less of an issue and make the Internet a safer place to find, connect, secure, and conduct transactions.

Chris Tucker, Via E-mail

Pain Relief vs. Planning

Regarding your continued coverage of the gains and pains of technology, I would love to see an article on why IT is always reacting when it comes to computing and storage infrastructure. Is the buying of more and more stuff, such as disk, tape, SAN, NAS, ILM, DLM, and so on, really progress?

I have been associated with the IT industry throughout my entire career, the past eight years as the vice president of a $125 million system integrator that focuses on computing and storage infrastructure. We are continually baffled by the lack of planning and accountability when it comes to organizations' computing and storage infrastructures. What causes this? And why doesn't the CFO hold the IT department responsible for developing a better strategy?

Some 95 percent of the customers we meet are reacting to an event that is causing them pain. They want a solution for the pain and do not want to take the time to develop a plan. Of course, by not having an overall plan, they continue to waste time and money, and place their companies at risk. Why this area of IT does not fall under normal planning-process flow is beyond us. Over the years we have come up with several theories, but we would like to hear others' thoughts.

Nick Cellentani, Vice President
Storage Consulting/Operations

EDITOR'S NOTE: We do plan to look at the issue of storage in our next edition (Fall 2005, out in mid-September).

In our buyer's guide to spend-management software ("Where Does the Money Go?," Spring 2005), we incorrectly described Fieldglass Inc. The entry should have read as follows:

Fieldglass makes a vendor-neutral, Web-based application suite called InSite that helps large companies manage global services procurement. These services range from simple time and material services (such as contingent labor) to deliverables-based projects (including offshore and outsourcing) to more-complex combinations of services and products. Experience gained from serving industry leaders in insurance, telecommunications, pharmaceuticals, environmental services, and manufacturing has helped Fieldglass identify key factors that are common to all services engagements. Per-transaction and subscription-based pricing models are available.