Jaime Chanaga, CISSP, CISA

Here we go again.  This time Administaff, Inc. is reporting the theft of a laptop containing the names, addresses and social security numbers for 96,000 former and 63,000 current employees.

For more information go to: http://www.administaff.com/idprotection/

When will organizations get serious and do something about the lax policies and procedures in their corporate culture to prevent incidents like these? 

Technology solutions such as data encryption and password protection are only a part of the solution in protecting confidential information.  Organizations must do a better job at defining good corporate policies and procedures for ensuring that confidential information is protected appropriately.  Organizations must do a better job at educating their workforce on the policies, procedures, and risks faced in protecting confidential information.

The Federation of American Scientists (www.fas.org) Project on Government Secrecy has recently commented regarding Comcast's (NASDAQ: CMCSA) support for law enforcement investigation and domestic surveillance activities.

The "Comcast Cable Law Enforcement Handbook," (download PDF at: http://www.fas.org/blog/secrecy/docs/handbook.pdf) while supportive of U.S. law enforcement community, sets clear guidelines for protecting the privacy of Comcast customers.  Comcast is also requiring $1,000.00 as a setup fee and an ongoing $750.00 monthly fee, to install any device to comply with law enforcement surveillance requests that are authorized under the Foreign Intelligence Surveillance Act (FISA).

The FAS comments:

"The role of telecommunications companies in intelligence surveillance is under increased scrutiny as the Bush Administration seeks to shield the companies from any liability associated with their cooperation in what may be illegal warrantless surveillance." (see blog: http://www.fas.org/blog/secrecy/2007/10/implementing_domestic_intellig.html)

As a law abiding U.S. Citizen, I find it encouraging to see Comcast follow the law in requiring the law enforcement community to adhere to the letter of the law when fulfilling investigative requests, instead of blindly following the U.S. executive branch in support of any warrantless surveillance programs.

For more information see:

• Electronic Frontier Foundation - NSA Spying
• American Civil Liberties Union v. NSA
• Wikipedia - NSA Warrantless Surveillance Controversy

Montana State University issued a press release on October 12, 2007 regarding a data security breach possibly affecting 1,400 people "who enrolled online for MSU Extended University courses during the last two years."

MSU states they have encryption technology controls on the stored data which may have been exposed.  The exposed data may include credit card and social security numbers. 

MSU has setup a dedicated web site with more information on this incident at: http://eu.montana.edu/security/