What Are You Doing With 25 Million Social Security Numbers On Your Laptop?
from the seemed-like-a-good-idea-at-the-time dept
In the never-ending barrage of stories about customer data leaks, one question is never answered: why are people carrying around laptops with so much personal information anyway? As you might expect, the answer's got more to do with laziness and stupidity than anything else. There's really no good reason for people to be carrying all this data on their laptops when it can be more securely held (in theory, anyway) in a central location, and accessed as needed over a network. Of course, all that requires a lot of effort, as does ensuring employees' computers are using encryption and other security techniques, and as long as companies have no incentive to protect customer data, there's little reason for them to go to the trouble, and cost, of actually securing data.
Reader Comments
Keeping data centralized
[ link to this | view in chronology ]
Re: Keeping data centralized
Dealing in information is no different than physical inventory. An employer would fire anyone walking out of the building with selling inventory, no matter what it is. There's no plausible reason for it, unless movement of that inventory has been recorded with the appropriate paperwork. So why is data treated any differently? I can't take home a couple of cartons of product to complete my work, why should a guy/gal with a laptop be able to move sensitive data?
Your employer was on top of things - mostly because they had to be. When other businesses have to be, under penalty of huge fines, this problem will be mitigated.
[ link to this | view in chronology ]
Anonymize the data
Much of this information is so easy to anonymize (e.g. Addresses, phone numbers, SSN, etc.). The structure of data is the important thing, not necessarily the content. Take a representative sample of the structure and then put in bogus data. As the OP stated, this is complete laziness and stupidity. It is NOT that hard.
[ link to this | view in chronology ]
The next big screw up
[ link to this | view in chronology ]
Fat, bloated and cumbersome
[ link to this | view in chronology ]
Re: Fat, bloated and cumbersome
[ link to this | view in chronology ]
Re: Re: Fat, bloated and cumbersome
[ link to this | view in chronology ]
Re: Re: Fat, bloated and cumbersome
[ link to this | view in chronology ]
"Silly" status quo is hard to change
I can often get away with making one up. Until organizations change these "just because" default identifiers, I think we will experience more such breaches of information.
[ link to this | view in chronology ]
Re: "Silly" status quo is hard to change
[ link to this | view in chronology ]
Re: "Silly" status quo is hard to change
[ link to this | view in chronology ]
Re: "Silly" status quo is hard to change
Nitpicking, but Utah doesn't demand you put it on. They can leave the field blank. As I did.
Back to the topic, I think we need a new social number, one that is for the federal government and a citizen only. That could be, you know, secure.
When my healthcare account number is my social security number, it proves we have lost focus of what a social security number is.
[ link to this | view in chronology ]
Re: Re: "Silly" status quo is hard to change
[ link to this | view in chronology ]
Re: "Silly" status quo is hard to change
Well, that's great, but while you managed to provide yourself a modicum of security, you did it while committing a felony.
Providing a FALSE Soc Sec Num is a felony. Do not do that. Simply refuse to provide it.
[ link to this | view in chronology ]
Re: Re: "Silly" status quo is hard to change
[ link to this | view in chronology ]
Obvious
[ link to this | view in chronology ]
All I have to do is read the paper each day for the "fuck up du jour", call that company's IT executive (or his new replacement), ask them how many millions of names they need at 1/10 cent per name, and profit...
[ link to this | view in chronology ]
Re: anonymous coward
[ link to this | view in chronology ]
Novel idea... yes, I know.
[ link to this | view in chronology ]
It boggles the mind that the public sector can encrypt and send data on a daily basis that complies with or exceeds DOD standards, but the folks that are entrusted with our most sensitive personal information keep it in a completely insecure database on their laptop with no consideration of those that it will negatively affect.
Why not just put in an archive, encrypt it, and be done? It would be just as easy to access for the end user, but the common thugs that abscond with the laptop that was carelessly left in a vehicle wouldn't be able to access it with ease, due to lack of knowledge.
[ link to this | view in chronology ]
Not hard to get at all
[ link to this | view in chronology ]
Look in the mirror, sys admins
[ link to this | view in chronology ]
what am I doing?
No, really, it comes down to laziness. If I didn't fight and prove that the potential losses would close the business I work for we wouldn't have SafeBoot on our laptops right now. Everyone wants to have the security, but IT is supposed to take care of that. They don't understand it starts with the user being responsible.
Of course, enter the obligatory IT Staff are not responsible for your own stupid carrying of said laptop into areas that are potentially dangerous, such as pool areas, bars, hot tubs, saunas, roof tops, crashing planes, etc., though our users probably think that we are...
[ link to this | view in chronology ]
almost forgot
WTF? We're not your storage racks; we keep you working!
[ link to this | view in chronology ]
Shrugged Off
[ link to this | view in chronology ]