If You’re Collecting Our Data, You Ought to Protect It

Last summer, employees at the National Aeronautics and Space Administration received an in-house newsletter illustrated with mock front pages of USA Today and The Washington Post and seemingly hyperbolic headlines like: “NASA Laptop Stolen, Potential Compromise of 10,000 Employees’ Private Information!”The catastrophizing turned out to be prescient.On Halloween, just a few months after the newsletter went out, a laptop used by an employee at NASA headquarters in Washington was stolen from a parked car. Subsequently, NASA sent letters to about 10,000 current and former employees and contractors, warning them that the laptop had not been encrypted. The letter explained that confidential details — like employees’ names, birth dates, Social Security numbers and, in some cases, personal information from background checks — may have been compromised.When Robert M. Nelson, a solar systems scientist who recently retired after 34 years at the Jet Propulsion Laboratory, part of NASA, received the letter, he felt vindicated. Several years earlier, he and 27 other civilian scientists at the lab sued the agency to try to stop it from conducting open-ended background checks of researchers like them who worked on nonmilitary space projects.

By now, reports of lost or stolen business devices are so common that many people open data-breach notices from their banks, insurers, medical institutions, schools and state agencies with something like resignation. In fact, negligence by employees and contractors has been a more common cause of corporate data breaches in the United States than malicious attacks, according to a study of 2011 done by the Ponemon Institute, a research center on data security, and financed by Symantec, a data security company. Institutions, companies and government agencies often devote more resources to collecting information about employees and consumers than to protecting it, security specialists say.
http://www.nytimes.com/2013/02/17/technology/if-youre-collecting-our-data-you-ought-to-protect-it.html

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.