Wednesday, December 13, 2006

How My Personal Information Should be Handled

I've had a lot of time to think about the December 2006 stolen Boeing laptop (as opposed to the November 2005 Stolen Boeing Laptop or the April 2006 stolen Boeing laptop) because I'm at home sick today. I've come up with a few simple rules for companies that have my personal information... especially the information that could be used against me in the Court of Credit Fraud (It's one rung below the Appellate Court):
  1. My personal information has to be encrypted at all times including during transmission. The only acceptable time for it to be unencrypted is when it's on my computer screen. I know that every company has the means to encrypt information. Do it.
  2. Workers with access to my data should not be issued laptops. You will be chained to your desk at your office.
  3. I'm sorry... but these workers can no longer work from home. 3 rotten apples ruined it for all of you.
  4. All computers containing said information must be bolted down and locked to a concrete floor.
  5. The concrete floor must be in a locked building on a secure campus in a secret location.
Would you like to know? Yes, my information was in with the other 327,999 current and former Boeing employees that are currently at an elevated risk for identity theft (Threat Level Fuchsia?). Some thief has my social security number, my address, my phone number, and an assortment of other awesome and previously private information.

In other news, Adam's tonsils are huge... he has an appointment with an otorhinolaryngologist tomorrow at noon because Adam may have tonsillitis.


Nikki Chau said...

"Supposedly" the thief doesn't know what he/she has on hand, because Boeing didn't disclose the location. In any case I agree with you, no laptops, and no working from home. And there should be balls and chains and everything from those specialized stores on Broadway attached to that computer.

Anonymous said...

Wow....and now you add the stolen University of Idaho desktops to the mix....

Anonymous said...

Aaahh...but you the laptop was RECOVERED! ...and it seems there WAS no personally identifiable information after all.

Anonymous said...

As a federal employee working in computer security, I agree with your recommendations, and in fact the federal government recently passed regulation that mandates pretty much those same things for PII (Personally Identifiable Information): OMB Memorandum 06-16 (pdf file) — corporations should also be obligated to the same regulations.

Anonymous said...

So yeah ... scary but true: in my building, which has a newly designed "open forum" where people can drop and hotel or meet informally, I was walking past a small hoteling station and right there in front of God and everyone was an unmanned laptop, screen viewable and unlocked, the computer not locked down, and the owner's laptop case sitting there with a bunch of papers peeping over the brim!!! O.o?

P.S. - love the blog thing, keep it up.