This is an excerpt from this morning’s Wall Street Journal. Comments in square brackets are mine.
A [company] laptop containing the names and Social Security numbers of [an equivalent to the population of Miami, FL] workers and retirees has been stolen, putting the employees at risk for identity theft and credit-card fraud. The theft was the third such offense in the past thirteen months.
[representative] said no proprietary, customer or supplier data was on the computer. Files on the computer also contained home addresses, phone numbers and birth dates. Some of the files listed salary information.
[Last fall], another laptop containing information on roughly [the population of Huntsville, AL] current and former employees was stolen. In [the spring], a laptop containing information on [a relatively smaller, but still large number of] employees and retirees was stolen.
The obvious question is unanswered: why is the employee personal data still being stored on laptops?
No! No! No!!
The obvious question unanswered: why are you and I the ONLY two people in the entire world who do NOT have the private identity information of a bascillion people on our laptops?
And, a follow-on, if I may… if your laptop got stolen would you report it? Or would you be too humliated to because you are not important enough to have the world’s population details?
Enquiring minds…
SELECT FirstName, NickName, LastName, HomePhone
FROM Employee
WHERE Sex = ‘F’
AND MaritalStatus = ‘S’
AND AnnualSalary > 100000.00
AND Age Between 35 AND 40
Susan – Good question. We must have both shredded the “Personal Information of American Cities” offer from the Time-Life marketing mavens. ‘Each month we’ll send you a DVD chock-full of personal information. Examine the disk for 30 days. If you decide to keep it, pay $49.95. Imagine, this November, you can apply for a credit card in Richard Nixon’s (Yorba Linda, CA) name! Or next March, cancel Juan Salvador’s (Tampa, FL) subscription to Cinemax Late Night.’
Even though there would be jeers at my obvious crack-like addiction to puzzle (Bejeweled, Suduko, Mahjongg) and ancient, simulation (Civilization 2, Alpha Centauri) games instead of the more macho “Doom 4,” “Madden 2007,” and “Halo 2,” I’d report the laptop theft to give my homeowner insurance company a specific excuse to increase the annual premium.
John – 🙂
Lisa – There are several levels of question. (1) Why is this information carried around in the first place (e.g., is there a ‘need to know’ among the laptop-toters)? (2) Assuming (1) is affirmative, is there an alternative representation protecting the privacy? For example, at a large online reseller, transactions were separated by the recipient, thus we could debug “the problem with Buy X Get Y” instead of “Lisa’s ‘Blogging Your Way To Millions'”
And also (3) is the information encrypted such that it would be meaningless to anyone else?
Good question. And if it’s stored on laptops, is it protected by system or harddrive passwords?