Privacy Data Dump

Last week, a San Diego consumer rights group announced that according to its math, in recent years companies and institutions have collectively reported the mishandling -- or downright theft -- of more than 93.7 million private records.   That’s a pretty weighty scorecard kept by the Privacy Rights Clearinghouse but probably not all that shocking to anyone who reads the paper regularly.   After all, right around the same time last week, the Commerce Department announced that over the past five years, more than 1,000 of its laptops -- roughly 4 percent of its total inventory -- had been lost, missing or reported stolen from its 15 divisions. Some 672 computers were lost by the Census Bureau -- you know, the one responsible for collecting statistics about the United States, including the country’s citizens and its economy -- with about 250 of those machines containing some personal data.   As the quid pro quo of such a disclosure, Commerce Secretary Carlos Gutierrez was at least able to say that the data was protected by a combo of passwords and complex data formats, whatever that means. Gutierrez said in a statement that to this point, it appeared none of the information had been misused.   If anything, Commerce can take solace in that even its collective whoopsie-daisy falls short of the biggest single governmental gaffe -- that happened early this summer, when U.S. Department of Veterans Affairs announced that a laptop and hard drive containing personal information, including names, Social Security numbers, and dates of birth on about 28 million veterans had been stolen from a worker’s home.   For those of you keeping score, 28 million Americans of any category is close to 10 percent of the entire U.S. population. If it’s of any consolation, the computer and drive were recovered by June, and last month, a pair of teenagers was arrested for the theft.   The feds of course, aren’t the only ones who have had to learn the hard way about the dangers of transporting sensitive info and the need to put some solid safeguards and guidelines in place. In recent month, major accounting names, from Big Four firms to the American Institute of CPAs, have had to reveal major losses of data.   The individual incidents, whether the result of seemingly outright carelessness (leaving a laptop in the seatback of a plane) or ill-advised action (sending a hard drive out for repairs via a commercial shipper), should serve to showcase a simple fact -- these sorts of privacy gaffes could happen to anyone.   There’s tons of great options when it comes to encryption and physical locks for computers -- and don’t get me started on all the suppliers an organization can turn to when it comes time to offer clients that free year of credit monitoring -- but the only way to stop the data dump is by taking a good hard look at where your organization is storing its data and an even harder look at where that data absolutely, positively, has to travel.   And the next time you think it can’t happen to your firm, run the numbers and seriously consider the likelihood that one of those 93.7 million private records could have been you, or one of your clients.