Saw this hit the wire yesterday(Starbucks laptop theft) . It is indefensible. In 2006, Starbucks could not find 4 out of use laptops, each containing between 10,000 and 50,000 employee’s personal identifying information.
The time has come for the federal government to enact laws. Not compliance laws, but identity theft protection laws that make the rampant careless storage of employee, patient, or customer personally identifying data a felony. There are at least three things wrong with this latest Starbucks identity theft issue:
- Employee, customer, and patient data should NEVER be stored on a mobile system unencrypted, and frankly shouldn’t be there to begin with.
- Employee, customer, and patient data should NEVER be stored on any system unencrypted, whether the system is secured or not.
- Starbucks didn’t to diddly to protect this data after losing it several times before, and in fact lost nearly twice as many employee’s personal data this time as last time (97K vs. 50K).
Frankly, compliance initiatives to jack to secure employee, patient, and customer data. The insane number of laptop and desktop thefts that are occurring every year (my wife’s data from IBM over 13 years ago was lost last year!) that are 100% completely preventable through the simple use of volume encryption software can be stopped immediately. But senior executives are not being held accountable for the inaction of their company, regardless of who “makes the mistake”.
The federal government needs to act on preventable identity theft. Now. This is a pattern of bad behavior that senior executives in organizations everywhere need to be made clearly aware of, and given severe, personal financial penalties for not stepping forward and preventing.
