MyLaptopGPS

Researchers at Carnegie Mellon University related in their September study that breach-notification laws have only reduced identity theft by about 2%. This is a pretty alarming statistic, considering more than 40 states have adopted the law. Now, Nevada legislation is working to nudge that statistic up a bit with its newly enforced data encryption law.

According to Ben Worthen’s article in the Wall Street Journal, Nevada is the first state (Michigan, Massachusetts and Washington plan to follow suit) to adopt laws that will force businesses “to revamp the way they protect customer data.” The law requires all businesses to encrypt personally identifiable customer data that are transmitted electronically.

However, this law does not just affect Nevada businesses. It spiderwebs out to all out-of-state companies with operations or customers in the state. National Life Group, based in Montpelier, Vermont, is one of thousands of companies that are scrutinizing the new law. Information Security Officer Andrew Spiers told WSJ, “We do business in all 50 states so we’re definitely reviewing [the new security laws].”

Though some companies are frowning upon this addition — which is going to be quite costly (especially in the country’s current financial crisis) –others are nodding to the money that this new law will save them in legal fees. The law dictates that all companies with the encryption in use are only liable for up to $1,000 in damages to each customer involved in a data breach. Without encryption, companies are liable for any potential lawsuits, including the added charge of negligence since they failed to cooperate with the newly passed law. In the long run, having the new data encryption can save billions of dollars in legal fees, though up front it will be slightly costly.

The Massachusetts state government estimates that a business with 10 employees will need to spend up to $3,000 starting out, and another $500 a month to comply with the encryption law. Larger companies assess costs to be the same per employee.

While they’re still on the data security subject, it would be wise to add a service like the laptop tracking provided by MyLaptopGPS — because despite encryption policies, laptops will inevitably be stolen. It’s better to have the encrypted data back in the right hands than floating around cyberspace somewhere with no way to recover it.

So, Nevada… think about that little addition.

From the last post,  you already know about the security breach in the UK. But right here, back in the U.S. of A. we’ve got another security breach on our hands: one that’s been building like plaque for five years. And unfortunately, there’s no proverbial dentist in existence who can restore the data to its previous glory.

Over the five-year time period of 2002 to 2007, the Bureau of Alcohol, Tobacco, Firearms and Explosives lost 418 laptop computers and 76 weapons, according to a news release posted by the Justice Department on Sept. 17, 2008.

In her related article for The Washington Post, Holly Watt noted that “two weapons were subsequently used to commit crimes.” Watt also determined that several of the missing firearms were haphazardly “left” in public places… one on an airplane, three in bathrooms, one in a shopping cart, and two on the top of cars.

It is hardly a stretch to call these practices ludicrous, and to demand change.

The fascinating part, however, is that officials aren’t even aware of what information was contained on the 418 stolen laptops. That’s government affairs, political folly, and who knows what else that is now available to any petty grocery store thief.

And with airport laptop theft at an all time high, certainly there should be cause for alarm for any government officials with lost or stolen laptops. Frankly, had even one of these laptops been equipped with security technology like that offered by MyLaptopGPS, these sensitive files could have been easily recovered and returned to the correct public officials.

Somewhere, thieves may already be drunk on the confidential information identifying close to 200,000 current and former employers of domestic brewer Anheuser-Busch Companies Inc. That’s because two laptops belonging to the firm went missing to thieves in June, according to The Associated Press. As typically seems to be the case with such thefts, “the company does not believe any fraudulent credit transactions or cases of identity theft have resulted from the laptop thefts,” reports the AP.

The question is, how can any company that has lost computers containing hundreds of thousands of employees’ Social Security numbers, addresses, dates of birth and more possibly believe the information isn’t somehow at risk? Any company that has lost computers to thieves ought to assume this to be the case.

Why?

It is nearly a certainty that valuable information, encrypted or not, in the hands of criminals is going to leave those it identifies at the mercy of identity thieves. In fact, this information’s availability is likely the very reason for the scope and magnitude of laptop theft. Once that information is gone, the pain really begins, as A-B has probably learned in marshaling the effort to notify potential victims, who reside in states across the nation.

The alternative, of course, is simple. You’re here at MyLaptopGPS right now. Just take a look around our site and learn how you could be saving yourself a lot of grief — not to mention money — by making the pennies-on-the-dollars investment in laptop tracking technology. Spare yourself the headache of becoming the next company that’s hemorrhaged many thousands of employees’ unique data records.

Say you work for a large company–seems like a safe bet, right? You often have job security, generous benefits, and many other perks. You’d think that security would extend to your Social Security number and other data, which the company has by virtue of you being its employee. But that security isn’t always a given; in fact, it seldom is if the news is any indication. This, at least, is what workers for a large cable provider based in St. Louis, Mo., have learned.

On Aug. 13, The Associated Press reported on the theft of 12 laptops–yes, 12 of them–from Charter Communications Inc.’s offices. During the week prior to the AP report, just about 9,000 former and current employees received notification from the firm that their Social Security numbers, associated names and birth dates were on the stolen machines. Even so, Charter Communications has “no reason to believe that the information has been or will be used improperly,” according to a company spokesperson quoted in the news report.

But they most surely do.

Any time a laptop computer with thousands of people’s Social Security numbers matched to other identifying information goes missing to thieves, the assumption should be that each and every one of those individuals is at risk of all kinds of fraud at the hands of identity thieves.

After all, most laptop thieves aren’t stealing the machines just for the hardware. In fact, the hardware is typically of little use to them. Sure, stolen laptops refurbished for the black market can fetch “good coin,” but an identity thief steals a laptop computer from a business because he understands that most firms exercise poor control over the kind of information stored on these machines. The thief knows that he’ll eventually hit the mother lode: a spreadsheet with thousands of employees’ names, Social Security numbers, birth dates, and maybe more — the raw ingredients for identity theft.

We’ve reported on the prevalence of laptop theft in many ways. The crime is rampant, frequently places consumers’ valuable data records in harm’s way, and costs billions. And now we can top off all this with the fact that many organizations seem to take forever to notify those whose data records are on stolen machines that their identities just might be in danger.

Take the recent news from across the pond.

This week, The Irish Times and others are reporting that the country’s Department of Social and Family Affairs lost a laptop computer to theft–a year ago. Furthermore, the agency is apparently just now contacting the social welfare recipients whose personal details were stored on the computer–all 380,000 of them, including about 100,000 whose bank account information was mixed in with the records on the machine.

Is it any wonder that consumers “are dissatisfied with the notification process used by companies following a data breach affecting their personal information,” according to a news release covering recent research from the Ponemon Institute on 1,795 U.S. consumers? The Consumer’s Report Card on Data Breach Notification reveals that more than 55 percent of respondents to the Ponemon survey report receiving notification of a data breach more than one month after the incident. Additionally, 50 percent of respondents rate the timeliness, clarity and quality of these notifications as only fair or poor.

While Ponemon’s research doesn’t specifically explore cases in which victims have waited as long as a year after an event occurs before even learning that the theft indeed happened (and that the incident left their information in peril for all that time), consumers on both sides of the Atlantic probably don’t like the idea. Needless to say, a viable laptop tracking and data recovery solution would have gone a long way in helping Ireland’s social welfare agency to retrieve its own laptop–and, more importantly, other people’s data that just so happened to be on the organization’s mobile computing device.