We have a new leader in the race to see which vendor can quantitatively show the least regard for the people whose data they hold. CardSystems Solutions, a third-party credit card processor, now has admitted disregarding the credit card industry security rules they should have been following. In light of such a willful disregard of mandated rules, I do not understand why CardSystems is still in the credit card processing business (for a related story, see page 72).

Some industry leaders have told Congress it would be a bad idea to require that credit card companies tell people their private data might be at risk after a failure of computer or organizational security They have claimed that people would soon become overwhelmed by all the notices and give up.

The industry seems determined to test that hypothesis. For the last few months there has been a steady drumbeat of announcements, most but not all driven by a California law that requires such announcements when the privacy of people's financial information is at risk.