Perform a Google search with the following terms: lost personal data. Here’s a sampling of what appeared at press time:
UK families put on fraud alert: Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing (BBC News, Nov. 20, 2007)
AIG: Personal data on 970,000 lost in burglary (USA Today, June 18, 2006)
CD of Georgia personal data lost: In the biggest loss ever of personal information compiled by state government, a computer disk containing data on 2.9 million Georgians has been lost in shipping (Cox News Service, April 11, 2007)
TJX breach involved 45.7m cards, company reports (Boston Globe, March 28, 2007)
Try it yourself here.
And on and on. Open Security Foundation took over Attrition.org’s Data Loss Database in September. DLDB posts a running tally of recent data breaches, their types (lost media, stolen laptop, network hack) and timelines. Within the week this article was written, DLDB reported 10 data loss incidents, ranging from 90 records exposed when a Government of Newfoundland and Labrador system was hacked to 11,000,000 records lost by the South Korean office of energy company GS Caltex.
And despite the almost daily news of data loss, theft and leakage, much of this personal and sensitive information is unencrypted when it’s lost, making identity theft and fraud more likely.
James Quin, senior research analyst with Info-Tech Research Group, tries to sound sanguine, but the frustration bubbles under the surface.
“Lack of encryption is like not quitting smoking,” Quin says. “It’s so blindingly obvious that there’s no reason everyone shouldn’t be doing it.”
According to IDC Canada’s David Senf, 14 per cent of Canadian organizations believe they’re ill-prepared to stop data loss. Another 45 per cent say they’re doing “an OK job – some data stays, some data leaves.”
Among public sector organizations and mid-sized to large enterprises, there’s a strong sentiment that more has to be done, Senf says. “There’s a mix of data companies are worried about,” Senf says. When survey respondents were asked what type of information loss worried them most, customer data was No. 1 – but not by a long shot, Senf said. Forty per cent were most worried about customer data; others prioritized financial information, intellectual property or employee data. How they feel that data’s leaking depends on whom you ask. IT departments fret about USB keys, e-mail and lost or stolen laptops, while many line of business people are still worried about hard copies. In insurance, for example, there’s still a lot of paper floating around.