(Via Professor Michael Geist’s BNA Internet Law Newsletter), the AP reports that
A thief has stolen a computer laptop containing personal information about nearly 100,000 University of California, Berkeley alumni, graduate students and past applicants, continuing a recent outbreak of security breakdowns that has illustrated society’s growing vulnerability to identity theft.
University officials announced the March 11 theft on Monday under a state law requiring that consumers be notified whenever their Social Security numbers or other sensitive information has been breached.
Passing the questions of why some laptop would have social security and birth date data concerning 98,369 grad students / PhDs at the University since 1976, and the difficulties of notifying people with whom you may have had little contact for the last 30 years, this story does make me wonder about the vulnerability of confidential data residing on a lap top hard disk. We hide our data behind firewalls and VPNs and so forth, but how do we protect data from the physical theft of our “on the go” laptop?
As the article notes:
University police suspect the thief was more interested in swiping a computer than people’s identities, UC Berkeley spokeswoman Maria Felde said.
Absent chaining the laptop to your wrist, it may be difficult to prevent a thief from simply absconding with the computer. This won’t matter as far as social security numbers, or far more important client-confidential data are concerned if you, at a minimum, password protect login access to your laptop and encrypt important data in some way. There are lots of encryption tools available.
If the thief is after the data, he may be able to decrypt your information if it is sufficiently important and has enough time and computer power on hand for the job. Chances are, though, the thief really wanted the machine and not the data. In that case, minimal encryption efforts would do the job.
Do what you can to keep client-confidential data confidential. You owe it to your clients, and to yourself.
Leave a Reply