03 September, 2008

It's like Deja Vu all over again.

It seems to be in the news every couple of weeks. A laptop turns up missing. The missing laptop just happens to contain personal information.

It happened again this week at the NTID, a branch of RIT. The laptop in question contained information from 12,700 people who have applied to enroll at NTID since 1968. (If you think you may be affected, you can call the hotline that was set up, 866-624-8330.)

I don't run a college, and wouldn't know the first way to start doing it, but how relevant is student information from 40 years ago? Why is this information on a laptop?

For that matter, why is any of this information on a laptop? It seems that it is taking a risk.

I understand that they need to be able to be mobile, but with the technology that exists today, it seems like an unnecessary gamble.

Here's an idea, keep all of the personal information on central servers back at the office, and connect via a secure connection if you need to be off-site to conduct business.

Here's another example of technology advancing faster than the law. When a laptop with personal information is stolen, it should be 2 crimes, one for the person that stole it, and one for the one person who was responsible for it when it went missing. Maybe then, organizations who are stewards of our personal information would take their charge more seriously, and take the appropriate steps to protect it.

No comments: