Would Imposing Fines Lead to Safer Data?

It seems like every few weeks, there’s a new report that large amounts of personal data go missing when a laptop is stolen or there’s some other kind of security breach. It makes me wonder just how one lets their laptop be stolen – do they just walk away from it? Leave it in airports? Thieves do a bait and switch? Perhaps companies should get employees to pay for their laptops and maybe they’d take better care of them. But I digress…

Larry Dignan of eWeek thinks that it’s time corporations are fined for losing data. This year alone, we’ve heard that information on 26.5 million veterans was stolen from an employee’s house, that the YMCA lost a laptop containing personal info of 65,000 people in May, that Hotels.com may have exposed data for 243,000 individuals, and, just last week, that a laptop containing personal information of 13,000 District of Columbia employees and retirees was stolen out of the home of an employee of ING U.S. Financial Services.

You’d think companies would keep that kind of sensitive info secured in a database on their servers rather than unsecured with no password or encryption on a laptop. Why do these employees need to carry that kind of info outside the office? And even if they did need to access some of the data, there are ways that companies can allow employees to access their servers securely.

The Department of Veterans Affairs is facing two class action suits for their loss of data. Plaintiffs are seeking $1000 for each person listed in the database – that’s $26.5 billion.

The suits were filed under the US Privacy Act, which only applies to government data breaches, but perhaps it’s time to impose stiff penalties on those in the corporate world as well.
