MyLaptopGPS

Say you work for a large company–seems like a safe bet, right? You often have job security, generous benefits, and many other perks. You’d think that security would extend to your Social Security number and other data, which the company has by virtue of you being its employee. But that security isn’t always a given; in fact, it seldom is if the news is any indication. This, at least, is what workers for a large cable provider based in St. Louis, Mo., have learned.

On Aug. 13, The Associated Press reported on the theft of 12 laptops–yes, 12 of them–from Charter Communications Inc.’s offices. During the week prior to the AP report, just about 9,000 former and current employees received notification from the firm that their Social Security numbers, associated names and birth dates were on the stolen machines. Even so, Charter Communications has “no reason to believe that the information has been or will be used improperly,” according to a company spokesperson quoted in the news report.

But they most surely do.

Any time a laptop computer with thousands of people’s Social Security numbers matched to other identifying information goes missing to thieves, the assumption should be that each and every one of those individuals is at risk of all kinds of fraud at the hands of identity thieves.

After all, most laptop thieves aren’t stealing the machines just for the hardware. In fact, the hardware is typically of little use to them. Sure, stolen laptops refurbished for the black market can fetch “good coin,” but an identity thief steals a laptop computer from a business because he understands that most firms exercise poor control over the kind of information stored on these machines. The thief knows that he’ll eventually hit the mother lode: a spreadsheet with thousands of employees’ names, Social Security numbers, birth dates, and maybe more — the raw ingredients for identity theft.

We’ve reported on the prevalence of laptop theft in many ways. The crime is rampant, frequently places consumers’ valuable data records in harm’s way, and costs billions. And now we can top off all this with the fact that many organizations seem to take forever to notify those whose data records are on stolen machines that their identities just might be in danger.

Take the recent news from across the pond.

This week, The Irish Times and others are reporting that the country’s Department of Social and Family Affairs lost a laptop computer to theft–a year ago. Furthermore, the agency is apparently just now contacting the social welfare recipients whose personal details were stored on the computer–all 380,000 of them, including about 100,000 whose bank account information was mixed in with the records on the machine.

Is it any wonder that consumers “are dissatisfied with the notification process used by companies following a data breach affecting their personal information,” according to a news release covering recent research from the Ponemon Institute on 1,795 U.S. consumers? The Consumer’s Report Card on Data Breach Notification reveals that more than 55 percent of respondents to the Ponemon survey report receiving notification of a data breach more than one month after the incident. Additionally, 50 percent of respondents rate the timeliness, clarity and quality of these notifications as only fair or poor.

While Ponemon’s research doesn’t specifically explore cases in which victims have waited as long as a year after an event occurs before even learning that the theft indeed happened (and that the incident left their information in peril for all that time), consumers on both sides of the Atlantic probably don’t like the idea. Needless to say, a viable laptop tracking and data recovery solution would have gone a long way in helping Ireland’s social welfare agency to retrieve its own laptop–and, more importantly, other people’s data that just so happened to be on the organization’s mobile computing device.