Dataloss via Stupidity.
Sometimes we hear about dataloss via theft or loss of a computer. For the most part (assuming I don't hear about it happening to a company on a weekly basis), I can (eventually) forgive the company (even if my personal data has been lost). After all, accidents (losing a computer) and burglaries are a fact of life. Does this excuse the practice of not encrypting data? Nope... but as I said... eventually I forgive the company; after all, years ago when these were paper files, they weren't encrypted. At the same time, I do feel that there should be serious government fines handed out to companies that lose sensitive customer data (my forgiveness doesn't exclude the requirement for punishment of some sort).
What I can't forgive though is dataloss via stupidity... That is, throwing away sensitive data without making an effort to destroy it. I shred pretty much everything that comes to me in the mail at home... (everything I don't save anyways). I've worked in places where DBAN was utilized religiously before laptops were assigned from one individual to another or old desktops were sold off. I even took a bench grinder to a hard drive one time (although that was more for fun... but it did destroy the data).
I just read this blog post (via Consumerist) and it reminded me once again of the stupidity that sometimes happens. I can get replacing old computers... I even get throwing out the computer (although I'd think that there are plenty of places to donate the machine). I can't get leaving your employee and customer databases, along with letters to customers, in place (screenshots on the original blog). This really does come down to Dataloss via Stupidity and I think that's how we need to start defining it.
Someone needs to go and put a big notice on the door of the offending Curves that mentions how poorly they treat customer data. We should start doing this to all companies that fall victim to Dataloss via Stupidity. This is a prime example of one of those unforgivable acts.
Now I know someone is saying, "But you just said you can forgive accidents... maybe this was an accident." This isn't an accident... Throwing away a letter to a single customer without shredding it that contains personal information... That's an accident. Turning around to grab a drink from the vending machine and having your laptop stolen... That's an accident. Taking a used computer and just tossing it in the trash... that's not an accident... that's stupidity.
In Texas they've got a law requiring those that service computers to have a PI license. Perhaps it's time that we start thinking about licensing to use a computer... We could even have stages of licensing:
- Stage 1: Allowed use of a computer
- Stage 2: Allowed access to the internet
- Stage 3: Allowed use of a computer for business purposes
- Stage 4: Allowed to repair a computer
- Stage 5: Allowed to dispose of or destroy used computer equipment
In reality that's going way overboard (just like the Texas law), but something needs to be done to prevent the stupid from using computers... and something really needs to be done to prevent Dataloss via Stupidity. Perhaps Curves should be slapped with a nice, big fine just to remind people to think first.