Lost laptop hall of shame

Last month I wrote about the lost laptop lunacy where I revealed that four out of five US companies had lost at least one laptop containing sensitive information over the past year and that most companies did not have a clue what was on the missing hardware.

Now Robert Ellis Smith, publisher of the Privacy Journal, has a piece in Forbes identifying the companies that have gone and lost laptops containing sensitive information.

Names include ING, Ahold USA, Deloitte, Electronic Data Systems, Equifax, Mercantile Potomac Bank, Aetna, Hewlett-Packard, Fidelity Investments, Hotels.com and Ernst & Young.

This is not only dumb, it's also legally irresponsible. Sarbanes-Oxley requires CEOs and CFOs to attest to their companies having proper internal controls. Now, try vouching for the robustness of internal controls when the systems maintaining financial data aren't demonstrably secure.

Smith advocates some sort of legislation requiring the confinement of databases with individuals' account numbers, medical data and financial information, and ensuring they are at the very least encrypted or password protected.

But the bigger problem is that most companies don't even know what's on the missing laptops. They're not even at first base!

