
The Data Companies Often Keep, And Should Protect Vigorously

After my experience with IBM's data breach, I first questioned why IBM archived all former employee data forever. Then I began to wonder what types of data companies archive about their employees and former employees -- not just about their customers.

The SearchSecurity.com site has a good summary article about the types of information companies archive:

Employee:
Name
Social Security numbers
Birth dates
Home phone numbers
Health records
Home addresses
Ethnicity and citizenship
Veteran and disability status
Email addresses
Drivers' license numbers

Health:
Medical record numbers
Health plan numbers
Account numbers
Certificate or license numbers
Device identification/serial numbers
Facial photographs

Financial:
Account balances
ACH numbers
Bank account numbers
Credit card number and Exp. Date
Credit rating
Income data
Payment data
Account numbers
Expiration dates

This is a wealth of information. A virtual gold mine! What identity thief wouldn't want access to this? And, if you and I are aware of the wide range of information companies archive, you can be sure that identity thieves are aware, too.

What I like most about this article is that it clearly explains many of the key State and Federal US laws and standards that require companies to protect this personal data:

I was amazed while reading this article that some privately-held companies don't think that these laws and standards apply to them:

There is a huge misconception among information security professionals today that data privacy laws are not applicable to private companies, but are only designed for publicly traded companies, government organizations or financial institutions. This is not the case. Whether your company is public or private, large or small, today's information privacy regulations may affect you and your organization on many different levels, not just financially and legally.

This definitely clarifies the problem among companies.
