Firm loses 800,000 records as preparedness drill backfires


A disaster preparedness exercise in California inadvertently displayed the pressing need for advanced data loss prevention techniques. During the transport of data storage cartridges by the California Department of Child Support Services, the Associated Press recently reported, four of the devices disappeared.

In losing the devices, the department possibly exposed the names and Social Security numbers, among other details, of 800,000 people. Those affected include both adults and children with information stored in the child support services computer system.

"Unfortunately, we can't assume that our sensitive personal information is safeguarded to the extent that it should be," Beth Givens of data watchdog group Privacy Rights Clearinghouse told the source.

Givens' organization keeps a tally of major data breaches. The AP reported that it has cataloged 550 million lost personal records between the beginning of tracking in 2005 and the present day.

The circumstances of the child support services data breach were strange, the AP reported. The data storage devices disappeared while in transit during a test designed to see if the state data could be used from a remote location in Colorado. The data passed the test, but vanished on the trip back to Sacramento. Whether data is moving physically or moving from system to system, it is critical for companies to know its progress every step of the way and work with a trusted data loss prevention partner.

Other recent data breaches have been more conventional in nature, but given rise to the same results - personal records compromised and trust lost. The Times Colonist recently reported the theft of an unencrypted flash drive from the University of Victoria in British Columbia. The report on the theft concluded that the minimum obligations of data security had not been met, though it was not unusual in that regard. The case's investigator, Elizabeth Denham, disclosed that of the more than 500 recent data breaches in the Canadian province, 30 percent involved the loss of mobile devices with no encryption.

Encrypted or not, data on a physical drive must be carefully tended. Companies with no data strategy or with little interest in data security could soon find their clients' information in nefarious hands. In an era where consumers are more aware of, and concerned about, the third party storage of their personal data than ever, this could lead to backlash against corporate entities. A strong IT risk management strategy involves encryption when data is at rest, secure file transfer when it is on the move, and a constant awareness of that information's status.