It seems like an old headline but the news article is filed for March 24, 2008. The Washington Post is reporting that another government laptop has been stolen and again thousands of people have had their personal information compromised:
“A government laptop computer containing sensitive medical information on 2,500 patients enrolled in a National Institutes of Health study was stolen in February, potentially exposing seven years’ worth of clinical trial data, including names, medical diagnoses and details of the patients’ heart scans. The information was not encrypted, in violation of the government’s data-security policy.”
link: Patients’ Data on Stolen Laptop
Encryption is not difficult. Truly, it is not. When will contravening security policy and putting people’s personal information at risk be a criminal offense?
Furthermore, there was again the delay of nearly a month before notifying people that their confidential information had been compromised. The reasoning behind this delay was because “they hesitated because of concerns that they would provoke undue alarm”. Does delaying notification cause less alarm? This reasoning is baffling. It makes no sense. It is compounding an error and showing disregard for people’s confidential data and subsequent welfare.
How many times does this have to happen before government officials act like they realize that this is serious?
Catherine Forsythe
Director of Operations
FlyingHamster: http://flyinghamster.com/
[tag]national institute of health, laptop, theft, data breach, privacy, security, identity theft, encryption, notification[/tag]