Losing Personal Info On A Laptop Could Get You Charged
E5Rebel writes "The UK's data protection watchdog has called for legislation that would punish corporate or government officials with access to the public's personal data ... who lose it. Unencrypted laptops with this personal information which are lost or stolen will see their owners facing criminal charges. 'HM Revenue and Customs is among the organisations that have recently suffered high profile data security breaches as a result of laptops being lost or stolen. The HMRC laptop containing taxpayer data was encrypted - but other organisations have often failed to encrypt their machines.'"
Might make these idiots think before going out on a piss-up on the way home and taking the laptop with them, then losing it. Legislation like this - which actually takes people's privacy seriously and does something about it - is something we could use more of. And I don't normally hear myself clamouring for new law...
:|
..that a group of people who want to know more and more personal details about you, especially in the last 6 years,.. are now coming up with legislation that should help to take the privacy of people seriously.
I'm all for hardening our security systems in order to both prevent these types of accidents in the first place and to minimize the impact of such accidents in their inevitable occurrences. I can't think of any reason a laptop would need to carry that sort of data, much less have it contained on the hard disk in an unencrypted filesystem.
But what I can't fathom is the animal-like need for vengeance against the poor government employees who lost the data as the result of one of these accidents. Unless we can show that the person was deliberately taking the information off-line and then staging the theft, how can we possibly in good conscience ruin this person's life just because he forgot a rule? These aren't the Queen's guards we're talking about. These are people who work for the government (take that in any way you want).
Why are we not holding banks liable for having a system that encourages identity theft by making it as easy as stealing a laptop? Or holding wallet makers responsible for not securing wallets with anything stronger than a clasp? The reason is because we realize that there are limits to the abilities of these companies that can't be stretched much further. Government employees are mentally stretched to their breaking points. How dare we threaten them with jail time when we can't expect any more from them in the first place?
Might as well squeeze blood from a stone.
I tend not to worry too much about my personal data, but I understand why some people do. If somebody is stupid enough to lose (or get stolen) a computer with other people's data in it, s/he should have to face the consequences. I guess at some point anybody who is given other people's personal data should have signed something, taking responsibility for their acts.
I'm not saying the punishment should be high, but just as killing someone by not being careful enough is homicide, I think this same idea should be applied in this case.
In any case, if the loss of data has been purely accidental, with no lack of carefulness by the perpetrator, there should be no punishment at all.
Tis women makes us love, Tis Love that makes us sad, Tis sadness makes us drink, And drinking makes us mad.
I know from personal contacts that this woke the banks up pretty sharply (Nationwide are small and were the first: the FSA have told the big four that they'll get far fiercer treatment). In practice the big four have been quite careful, and have tended to use fairly good encryption: it's no accident that the former building societies have found things harder (see also, in an unrelated area, Northern Rock). But the threat of eight-figure fines (the numbers I've heard bandied around) makes it a simple business case to do things properly.
ian
In the modern world, people really need to learn more about data hygiene and security. If criminal charges are what it takes for large organizations and also the general public to become more serious about the routine security of information, then perhaps this is not such a bad thing.
A couple of examples:
My wife wanted to use my credit card (she doesn't have one) to pay the fees for an educational conference. The conference organisers had a system for collecting payment; just email all your credit card details (in plaintext) to the secretary! She looked a bit surprised when I refused. When I explained that it would be like writing my card information on a postcard, with a postal service composed of, well, anyone, who would be at liberty to take "photocopies" of the postcard anywhere along its journey, she was a little more understanding. (I made her telephone the person concerned instead). Perhaps if the iconography of email programs was more "postcardy" instead of "envelopy", this would happen less.
Our office VPN is secured at the concentrator by two-factor authentication. Each user is issued an RSA SecurID token. Last year, they issued the PIN correctly; the administrator pushes a button and says "NOW" and you remember the first four digits the token is showing - and then you are the only person who knows it. This year, they preset them all and mailed them out. Email, that is. In plaintext. This undermines the basic security of the system; anyone who gains access to those emails now has a list of PINs, most people clip them to the same lanyard as their security pass, identifying the token user. Or even easier, they can do what I did, walk into the office, say "Hi there, can I have my new token...." only to be waved towards the table where they ALL sat, in named envelopes, without my ID even being checked. And this is from people who are supposed to know about information security.
Hopefully the stick of criminal penalties will be wielded diffidently. But people have to shift their perceptions; data on paper is treated with reverence and locked in a safe, when the data on the computer is left lying around for literally anyone to get hold of. Perhaps this attitude comes from the ease with which computers generate the data in the first place; it feels cheap and thus "disposable". Which seems silly to a person who knows that a properly managed digital signature is MUCH more secure and reliable than its paper equivalent, but is counter-intuitive to anyone else who still thinks the gold standard is a notary.
How do they propose to enforce this? I would bet damn near 100% of data breaches are self reported by the losing party. If you are suddenly going to face criminal charges I bet it will be a damn rare case where thefts actually get reported. So the statistics will show that data loss is at an all-time low and yet people will actually be at MORE risk due to the fact that companies that would have previously reported the incident and paid the couple hundred thousand for identity protection for a year or two will now keep things quiet. Beyond which I also know from published studies that lost information devices have resulted in basically no known identity theft but lack of shredding (dumpster diving) and unsecured databases have led to a heck of a lot of cases.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
I think this is a good idea. Of course as soon as due diligence was used (encrypted drive, reasonable system administration, firewall, malware scanner if it is Windows), it should not be criminal anymore. But this will get people to finally think about what they have to do to ensure minimal security standards. About time.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Title: Licensed Data Carrier
Job Description: Carry data from point A to B guaranteeing it never goes to anyone else's hands but the destination's.
Requirements:
A gun
A remote detonation device for the data being carried.
Body armor (ex: bullet proof vest)
Armored vehicle with 24/7 GPS-based tracking.
Salary: $1,000,000/yr.
I don't think the one really has much to do with the other.
The cost of identity theft is almost certainly higher. Even if only a small fraction of these result in actual identity theft the number of names lost per violation is usually in the thousands.
Remember crimes like this have tertiary costs much the same way that building a factory in a community creates more jobs than the number of people it actually hires. Fixing the damage from an identity theft can take a victim years. There is lost wages, lost buying power, not to mention the straight legal costs to fix things which could actually exceed the cost of incarceration with even just a couple of victims from a given theft.
I honestly think this will likely save money in the long run. It may be difficult to determine that however as it is difficult to calculate the savings from crime that is kept from happening.
Personally I've had the impression that the reason they've instituted all these controls is they have been completely unable to institute hardcore unemployed alcoholic teenager controls. That's just what I get from reading BBC news though. It might be interesting to see what the relative statistics are amongst countries.
I must admit my bias here though. I have long felt that business's ability to data mine the public, and of course me in particular, is offensively invasive. Since the best way for a company to keep from having this problem is to not retain the data in the first place the law does serve my interests even though I do not even live in the country, but only occasionally buy things there by mail.
It's one thing to leave the notebook running on your passenger seat and another one having it taken from you at gunpoint. What I'd expect to happen is this:
1) Create sensible security rules that should keep the data safe, even when on a notebook. Current notebooks are fairly easy to secure to the point where theft of the notebook doesn't mean theft of data. That includes, but is not limited to, choosing secure hardware and software, limiting laptop use to work, reducing user rights to the minimum for operation.
2) Train people and give them a fairly heavy "or else" to follow those rules.
3) If they follow the rules and still have their notebook stolen, no problem. If they're careless, throw the briefcase at them.
What I want to see is the government as a whole to react to the threat. Not finding a scapegoat to take the blame, sack him and go on with the same shit.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
If some official loses public data, punish them by publishing their data. All of it. And in the first year if they change their passwords and PINs, publish the new ones too.
This would be a useful deterrent, as well as an object lesson for the "you have nothing to fear if you have nothing to hide" anti-privacy muppets.
Reduce, reuse, cycle
Here we go again, as mentioned, we are trying to enact laws that punish the wrong person(s). The fact that they have personal data on a laptop that is not physically secured is a sign that the organization that they work for is corrupt or inept. Please please please let's look at how such incidents happen, then punish the culpable, not simply state that the bag man is going to hang.
I believe that you will find that in more than 90% of such cases, the end user was following the given policies for the data they were using. We ALREADY have laws for how that data is to be treated. Breaches of those laws must be processed before we look for new laws. I cannot cite any specific regulations, but financial institutions and basic corporations now have legal requirements on how to treat privacy information. SarBox law in the US, and I'm sure that the UK has similar regulations. The fact that the information is getting 'lost' to someone in the public is not indication of criminal activity, but lax processes in the organization for which they work. Laptop theft is rampant, some would say, because they are easy to take. Often because the theft is easy, and done by someone who has no idea what is on the laptop hard drive.
So, let's just have guidance on how to process the legal side of such breaches. Find out what safeguards were in place, if they were being used, if the end user was obviously ignoring them etc. There is seldom need for new laws, simply better processes or guidelines for using what currently exists. Remember, tax evasion was used to get some mobsters? Misuse of government equipment? How about dereliction of duty? There are tons of ways to punish someone without creating new laws. I sometimes think that people would enact a law to prohibit large turds if it would stop the problems with the outdated treatment plants. Look at all the silly laws that are still on the books. Do we really need a new law that will be useless in 5 years?
Politicians and the Internet.... oil and water.
Support NYCountryLawyer RIAA vs People
If a PC (or laptop, or a server) that holds confidential data is audited and shown to be vulnerable to external attack, then this is just as negligent as leaving unprotected data open to theft and should be treated in the same way.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
The problem with the whole "ignorance is not a defence" argument is that, as convenient a sound-bite as it makes, it's still an unreasonable cop-out.
No-one knows what every law in the country that applies to them says. Even if they did, many people could not understand the legalese without assistance. There have been demonstrations that show that even MPs who approve our legislation can't complete their own tax return correctly. Our own government frequently fails to follow its own laws because some official didn't know what some other official was doing — and that's their full-time job!
It may be a legal convenience to say that ignorance is not a defence, but ethically it is a very dubious principle if it isn't matched with an effective education policy that makes it a reasonable assumption that everyone should know and understand all the laws that apply to them. If you construct a system where no-one can know it, and then say that not knowing it is no defence, then you are simply criminalising arbitrarily, and that is universally the mark of a legal system gone too far.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
The problem that I see with this is that government agencies (or corporations) aren't being penalized. I don't think that the employee can be blamed when the corporate policy allows the employee to have sensitive information on their laptop *and* take the laptop off-site.
Let's face it. I'm sure *a lot* of employees don't even know much about encryption software, let alone which ones to use and how they work. I don't see the sense in blaming an employee that "should have known better" when it's possible that the company didn't provide the tools/training to allow employee to know what to do.
That being said, the employee has some responsibility to bear as well. If they take it to a restaurant and accidentally leave it there, that's their fault. If the company *does* have a policy about encrypting private information and the employee doesn't follow it, then it's the employee's negligence. If the company says, "No private data offsite," and the employee leaves with it on his/her laptop. It's that employee's own fault.
So, the number of lost laptops is going to drop to zero, and the number of stolen laptops (stolen, no doubt by Middle Eastern gentlemen of unspecified heights) is going to go up.
If they're going to enforce anything, they should enforce encryption on the laptops. Punishing minor officials for honest mistakes is a pretty stupid thing to do.
Training monkeys for world domination since 1439
Why are we not holding banks liable for having a system that encourages identity theft by making it as easy as stealing a laptop? Or holding wallet makers responsible for not securing wallets with anything stronger than a clasp? The reason is because we realize that there are limits to the abilities of these companies that can't be stretched much further. Government employees are mentally stretched to their breaking points. How dare we threaten them with jail time when we can't expect any more from them in the first place?
Perhaps they should have thought of that before legally compelling me to disclose sensitive private data that could be used to ruin my life if it was abused or fell into the wrong hands?
If the situation is reversed, and a member of the public fails to follow procedures that have been shown to be too complicated for the average citizen to get right, the government has no trouble with imposing instant fines instead of allowing people to fix honest mistakes.
I have absolutely no sympathy for the government here. They make the rules. No-one is forcing them to make laws like this, and no-one is forcing anyone to work for departments with lax security. If you make a pact with the devil, expect to go to hell.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Ok... hypothetical (but realistic) situation:
What about if your job calls for you to take a laptop that you don't necessarily "want", but it's now part of your job (as a travelling salesman, a consultant, or whatever)? And what if the lunkheads who image that laptop don't bother to put any encryption or other data protection software on it? And you're not allowed to add any "unauthorized software" to help protect yourself?
Guess what? Your employer has made you the IT equivalent of a soft target.
Under the above scenario, it seems enormously unfair to become subject to criminal charges due to the negligence of your employer. Easy for all you critics to say "go get another job"... while that certainly would be the ultimate solution, that's hard to do in an economy where consolidation and right-sizing still rule the day.
The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
The "crime" occurred when the government forced the data from you.
:-).
I want to see reports of data leaking like this as often as possible, so people begin to understand the danger of putting all your eggs in one basket. This legislation is designed to increase the appearance that our life is safe in government hands. The government is as likely to not abuse huge centralised databases on citizens ("subjects") as any other government in history that's built huge centralised databases on citizens.
This all comes back to the red^Wterror scare. My father worked in London through the IRA bombing campaign; his nearest miss was probably 50-100m away from an explosion. At no point do I recall him or anyone saying, "you know, if the government held more information on us, the IRA would stop!" At no point do I recall him announcing that he was scared and felt the need to work elsewhere unless the government protected him. Mind you, he grew up during the Spanish civil war. He knew the difference between a truly high-risk environment, one where there's a small chance of disruption, and today's pathetic scaremongering.
I'd say that the UK is becoming a nation of pussies, but that would insult my cat, who seems far better at risk assessment than the average human.
if they wheeled a filing cabinet full of records out into the parking lot and left it to be stolen then I would expect them to be punished, I would expect this to be no different.
sounds entirely reasonable to me.
and of course, mandated encryption as well.
In fact very few people will have to deal with the obscure points of law in their lives. On the other hand, everybody knows shoplifting is illegal.
Ignorance as a defence is invalid because it's impossible to disprove it; anyone could claim not to know murder's illegal.
[1] Two examples people trip up on - tenancy & food hygiene.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Enforcement is expensive, the amount of legislation this government has passed is amazing, any problem they legislate, not look at the actual problem. Yes this is (partially) true of all governments, but it's particularly true with this one.
Government-regulated common sense and responsibility. I agree with it, but it seems unnecessary. I mean, these people are supposed to be professionals.
I'm not a troll, but I play one on Slashdot.
Physically losing a laptop is not in itself a crime. The negligence aspect of containing confidential data on an unsecured device is what turns stupidity into an offence.
Securing and encrypting the drive is a job for the organisation's IT infrastructure team, not the end employee. Given that government officials are generally not the most tech-savvy people around, it seems crazy to punish them for something that should already be pre-installed on their machine when they receive it.
The law states that businesses, government (except The Home Office of course) have to take reasonable precautions. Whether the laptop the data is on is lost or it's stolen doesn't matter. It's the lack of precautions which matter. Particularly when it's as simple as:
http://www.truecrypt.org/
Deleted
Sorry but humans lose things.
You need to design things assuming that people will lose things.
Humans are not perfect.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
You're missing an important point. Scottish Law is totally different from English law, therefore you don't really talk about "UK Law".
-- Sorry, I can't think of anything funny to say here.
This isn't about getting at the truth! This is about being righteously indignant that you aren't HAPPY to give the government over 30% of your income for an obscenely bloated and ineffective bureaucracy!
"Gold still represents the ultimate form of payment in the world." - Alan Greenspan, 1999
When private information is lost, you want it reported *immediately*, so you can minimize the impact. If you penalize the person who lost a laptop, he will spend more time trying to find it and/or hiding the loss. This is a bad thing. (tm)
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
This should also be carried over to agents and brokers that work in the field or make house calls - whether it is real estate, financial planners or insurance - these people have extensive personal data being carried on the laptops about their clients. These laptops get lost or stolen at a staggering rate!
If proper measures are not being taken to secure/encrypt that data - then they should be liable. The technologies exist - there is NO excuse.
The1Genius - Littera Scripta Manet
1. Make Law requiring people hand over encryption keys.
2. Make Law requiring all laptops with personal data be encrypted.
3. Decrypt laptops.
4. ?
5. Send them to Prison!
The issue is we are dealing with sensitive data, so I can see the reasoning behind the need to punish. On the other hand it's not always easy to make the difference between incompetence and malice. If the computers they are using are their professional PCs, then the computers they use should:
- have encrypted file systems
- password access for logging into the computer, after power-up, wake-up and screen-saver deactivate
If they are their own computers then either they should not be allowed this data there or they should have to follow the same policies as work computers.
At the end of the day it should be both a management policy and IT policy to ensure this is done.
All that said, does anyone know how to have encrypted storage for user accounts under Windows?
Jumpstart the tartan drive.
People who are suggesting that government employees shouldn't be punished for losing personal information... sorry, but you're wrong. People who are tasked with being responsible for people's information should be held accountable for any loss of data caused by their negligence. It's just irresponsible to
a) not encrypt laptops with personal data and
b) not take good enough care of said laptops to protect them from getting stolen.
Generally this kind of issue occurs when an employee leaves a laptop sitting around (usually in their car) and it gets stolen. Now, I don't know about you, but I know I wouldn't leave ANY laptop in my car, especially not one with sensitive information.
The only issue I see is that the information lost on stolen/lost laptops will be significantly downplayed by employees in the future...
Canada is generally a sparsely populated place, with almost the same area as the USA but nowhere NEAR the population, OR the multiple ethnicity. French and English speaking WHITE PEOPLE can barely get along, and just imagine what will happen if they had the multiple ethnicities we have down here up there. I recall a friend of mine who is very pro gun restrictions (weapons in general) who had this joyful period where she hid in her house. Why? Because the Ethiopian immigrants were causing all sorts of trouble up in the Medicine Hat area... seems the meat packing plant where they were working was shut down for some period. Amazing how a simple thing as rampant unemployment or mass firings can ruin the "peace" of a semi rural place, especially one as "gun safe" as Canada.
:) As the sheeple say, I say. "Not my problem. They want it, I won't deny it to them, in fact I won't lift a finger except to enjoy the irony, as I am doing now."
Oh well, not my problem.
As for your organized crime comment. Recall that Canada doesn't even have one quarter of the USA's population, nor population density, nor the ethnic diversity. This is out of date, but round up by 10 to 15 million, and they still barely have less than 1/9th of the USA's "recorded" population last year. Canada isn't even catching up, they're still way ahead, density wise, in "crime statistics". I forgot where I read it, but they're proud of their serial killer count being less than a third of that of the USA. Interesting pride, given that by density alone, they should have less than a ninth of the USA's active killers, but don't let something like "per capita occurrence" bother them.
I use arms ownership (not necessarily guns) as a statistic to study when studying how easy a people will be to bully over using force. As I understand it, police routinely bully people protesting in any area with a low occurrence of arms ownership/carry. I routinely read reports from alternative media (only credible media anymore) detailing how a protest or get together or whatnot was busted up using SWAT teams and riot tanks, they either lacked a license to protest against some injustice or lacked the RIGHT license... riot tanks in "free countries", licensing a non violent protest?? I've heard these arguments before, but back then I was hearing them in Eastern Europe during the 1980's... guess the "free world" is fast catching up. At least the sheeple are kept safe until their time to be butchered is decided upon.
One word
" What luck for rulers that men do not think" - Adolf Hitler
It is a piece of paper, a bunch of numbers. It is what someone else says you are, or details about you might be. If tomorrow it was erased, you would be a truly free man. (Or woman.)
:)
Think about it, someone asks "who are you." You answer to a question that 50 years ago used to be "what is your name?" YOUR NAME, not YOU. YOU are you, your name is changeable, and it doesn't really describe you. It's like asking, "Hi Joe, what are you." "Oh I'm a computer engineer." NO, that is what you do to pay the rent. It's pretty "in the box" thinking, actually.
As for me, I use cash for my transactions, and have a very small credit/debit account. I watch it carefully and keep only what I need in it, but since most of my online personal purchases are made with money orders or a few online payment systems that haven't caught onto the mainstream yet, but will since they're OSS and there's no overhead organization to lose your data, it's all up to you. I won't put their names up here because I doubt there'd be any productive use of their resources by the average slashdotter.
All in all, they can steal my identity all day long, all they'd do is steal it from those who already stole it... the classifying freaks at whatever alphabet soup bureau controls people licensing. After all, you do need a permit to live, it's just not called that... yet.
" What luck for rulers that men do not think" - Adolf Hitler
Why not punish resulting crime? If a company fails its customers like this, or if your ID is stolen and you follow some great loss and then follow it back to that company, you should A, have options to go to while suing said company, and B the company should not be running the courts and thus have an inherent interest in protecting itself.
I.E. one of the biggest losers of ID info is who? Yes, the government, followed closely by BANKS, which are heavily regulated by? Ahem, yes, the government. Irony at its best? Why not. Everything people clamor for as safety is merely slavery with a sugar coated topping. Irony indeed. I love it.
" What luck for rulers that men do not think" - Adolf Hitler
Charging someone who negligently loses a laptop with personal information is understandable. I can even see charging them if they leave it in a place where it can easily be stolen, like leaving it in a car overnight. But, what if someone breaks into a person's house and steals a laptop? I envision this law becoming a convenient way of making someone into a scapegoat....
when all of you said "information wants to be free"? Well it appears that your personal information also wants to be free. With bone-headed moves like this UK'rs can now expect to have all of their personal data in the public domain in no time. Including the numbnuts that thought this brilliant scheme up.
Unencrypted laptops with this personal information which are lost or stolen will see their owners facing criminal charges
I'd rather have any owners carrying data that is unencrypted at all face criminal charges. There's no reason not to encrypt stuff. I have my entire documents folder on my iBook under filevault. I don't know that it's perfect, but it's better than nothing. People carrying around the personal information of large numbers of people should absolutely be using some high-grade encryption on all of it. If I plug someone's hard drive into my PC I should not be able to see anything on it. Period.
You're posting on a "geek" site and yet you cannot notice the mathematical usage of the term "area"?? Sheesh.
" What luck for rulers that men do not think" - Adolf Hitler
I was hoping individuals would've taken the cue as well, but it seems we're still dealing with "peoples" and we all know how independent thinking those types will be. Or perhaps we don't, or that inside the box crap would've changed a long time ago.
:)
We are agreed, but I keep telling you that you're not going to make Big Brother whup Little Brother's ass. Only time that occurs is when Little Brother hurts something that Big Brother has interest in, and I hate to tell you, but Big Brother has NEVER had any interest in preserving the livestock's freedom. Livestock is food, and people who act as such get treated as such.
As for "it happens", I will differ, and I won't beg to do it. I have yet to lose any of the following (back when I actually carried all this crap). A) Laptop, B) Cellphone, C) Dayplanner, D) Wallet/ID's/CreditCards/Sunglasses. In fact the only screwup I've ever done was when I was a teenager, I locked my keys in the car without having a backup in my pocket. That was the first and only time. All it takes is preparation and willingness to plan ahead. I understand that this is not a trait that is common among the general populace, since Britney's latest nipple show or tit operation is FAR more important. Or perhaps OJ found the "other bloody glove." Who knows, but thinking and planning ahead are such a bother, why bother?
" What luck for rulers that men do not think" - Adolf Hitler
It's completely unreasonable for a company or government to issue a laptop to an individual and tell him if he loses it or it gets stolen, he's going to jail.
What would you do if your boss gave you a laptop and told you just that? Most people, I think, wouldn't touch the laptop with a proverbial 10 foot pole. So the only people who are going to be caught by this are people who are unaware of the situation.
They need stricter rules against the organizations not the officials! I have seen this happen repeatedly... In Poland, the employee is ultimately responsible. If a grocery store is robbed, the cashier will owe the store. This does not strengthen the security of the store, because there is no incentive for the business to improve security, it only puts the employees at great risk!
In this case, you will have organizations providing important information to non-technical employees that know nothing about encryption or the law. If information is stolen, the risk is on the employee, so the company makes no effort to properly secure the data. On the other hand, if the organization was at greater risk, they would make an effort to educate their employees and enforce fool-proof security measures.
A law such as this that shifts responsibility to the employee will do nothing to prevent such things from happening in the first place, it will only mean certain financial ruin for a number of unfortunate families.
See http://www.straightdope.com/mailbag/mwar1812.htm
There seems to be a disconnect here. My impression was that we were talking about the effect such legislation would have on the nation as a whole economically.
As such while your fiscal behavior seems prudent, like prudence in general it is not particularly common. The average consumer does in fact have very large vulnerability in this area.
The other possibility is the definition of identity as used. There is identity and then identity theft.
Identity theft is a particular crime currently running rampant in the U.S. The way it works is someone gets your social security number and your address and other personal information sufficient for them to pretend to be you. Then they do things like take out dozens of credit cards and max them or mortgage your house out from under you. People have been ripped off for tens or even hundreds of thousands of dollars. Fixing the problem can take years and cost yet more money. I don't know how often it happens in Europe, but it's a real problem here. I vaguely remember one major data theft involving ebay identities, the repercussions for which are definitely not limited to the United States.
While encrypting local data can be a solution, ensuring that all sensitive data is properly encrypted can be difficult. Moreover, proving that all such data has been encrypted after a laptop has been lost or stolen is practically impossible. A much better solution is to simply store all data on central servers at the data center, and access them remotely via Server Based Computing: http://ericomguy.blogspot.com/2007/11/sbc-could-save-you-from-jail.html
What I'm suggesting is simple, by not seriously patronizing the credit establishment, always buying used or old cars (give up some of the glamor and save a boatload of cash and headaches), etc, I have reduced my footprint, hard to steal an identity when I live life in the flesh instead of on paper in someone else's computer (at least I believe I am). I have no real credit rating, nor do I truly require one, and frankly, I can barely wait for the credit crunch. All those suckers living FAR beyond their means are already losing their mortgages/house ATM's, and soon their plastic ATM's. Sooner or later they'll have to live within their means, and that will make for an amusing show.
What I was getting at is simple. Identity theft is only a problem for those who have been deeply engaged in the identity dependent system and not paying attention to their footprints they leave behind. You don't have to live in the woods to cut your footprint down, though I'm sure it helps. Area I live in, is in fact, semi rural, somewhat suburbia, somewhat rural, not really either. Still got rednecks out here hunting rabbits and squirrels with .22's on the edge of town and shooting off fireworks in town after dark, and none of us mind it (actually I like it, personally speaking), except for a few sissies who keep bringing it up for ballot each year and thankfully, get slapped down each year like the socialist control freaks they are.
As for social security numbers, it is ILLEGAL for any company to require you to give it out to do business with you. Even the cops have no right to get that number from you unless you volunteer it. All you owe them at all is your name, your address and your birthdate. Technically, only if you HAVE an address. That number is intended ONLY for social security withholding/benefits so technically nobody has a right to ask you for it, and you have the right to decline to give it. I think the problem with people giving it out to every scumbag that asks is simply the authority worshipping / socialist conditioning... "when someone in authority asks you a question, you answer!"
The results of the indoctrination and the system that carries it out are apparently very visible but not well understood yet.
" What luck for rulers that men do not think" - Adolf Hitler
Why put something on your laptop when you can implement a server-based approach?
And why use a non-free OS at all?
Imagine a thief faced with a Debian OS (command line and not even bash), an encrypted filesystem, which if they manage to break at all will find a nice cartoon poking fun at them as all the hot stuff lies at a distant secure server, coupled with steganocryptography.
Why exactly should government personnel be any more subject to prosecution for losing your personal information than corporate personnel or other organisations or people who should be expected to be careful?
If you meant to say that government personnel should not be any less subject than anyone else, I fully agree with you.
Indeed, but "the nation as a whole" includes that tiny minority that has the forward looking ability to actually live their lives in a healthy manner. For those of us that do so, watching the rest get their "comeuppance" is satisfying, if at times saddening.
Those who clamor for a free lunch and lose their souls in the bargain deserve exactly that. Can't force people to free themselves of unnecessary burdens, you can only make the knowledge, info, and examples available. Regardless of how deep they are buried under the status quo, there are other, far more successful examples than even my own. As the prophets have stated, let those who have eyes see, those who have ears hear... not hard to do, really.
Life is to be lived, dangers mitigated, opportunities capitalized on, and fears overcome. The vast majority of any nation get exactly what they wish for. Slavery... ahem... *safety*.
I see it with some of my former friends from school. They put up with girlfriend abuse as easily as they do with government abuse. Politicians lie consistently, and they still put up with it, girlfriends cheat on 'em and they still take them back. They deserve the outcomes (rulers who pretend to be representatives or bad cases of syphilis) because they consistently enable those outcomes. As for me, I minimize my exposure to these individuals and refuse to further associate myself with them. It really is that simple. If we're intended to be friends or associates again, the universe brings them to my door once they've changed. So far, the stupid have remained so, and have fought tooth and nail to enable those who would oppress them. Who am I to deny them their just deserts?
Rewarding poor standards of honesty, in any relationship, results in abuse. Paying for it (taxation, buying expensive presents, etc) is tantamount to being irrevocably stupid. Not ignorant, but plain stupid.
" What luck for rulers that men do not think" - Adolf Hitler
Maybe staff who deal with this type of sensitive information should just not be allowed to work at home/on the move?
"You will work for a while, you will be caught, you will confess, and then you will die... There is no possibility that any perceptible change will happen within our own lifetime. We are the dead."
"For the first time he perceived that if you want to keep a secret you must also hide it from yourself."
"Do it to Julia! Do it to Julia! Not me! Julia! I don't care what you do to her. Tear her face off, strip her to the bones. Not me! Julia! Not me!"
Eric Blair