A short while ago my wife lost her purse. Actually to be fair, I lost her purse, which took some doing on my part and I'm not sure that I've heard the end of it. This is likely to be a laugh at dinner parties for quite a long time.
In any case, as soon as we realized that it was lost, we called and started to cancel bank and credit cards, to limit the potential financial damages. It was a hassle, but it was good to see how quickly the banks reacted. Quite a few of them actually closed our account and opened a new one with new numbers to prevent identity fraud. Our debts and/or balances were transferred and new cards were issued. One bank actually cancelled my card as well, just to be safe, which was a hassle, but probably a good idea. I was disappointed that my other bank didn't do that automatically, allowing my card to still work.
In any case, it was somewhat for naught as two days after it was lost, someone found it and returned it to us. No cash inside, but all her credit cards, various other cards and drivers license were inside. Most were useless at this point, but my wife was glad not to have to brave the DMV for a new license. We were glad we'd reacted, but it was a little bittersweet as her purse was returned. It was interesting that one of the customer service reps I spoke with had something similar happen to her. She lost her purse, reported cards lost, and then found it about 12 hours later, too late to reverse anything.
It's probably the prudent thing to just deal with the hassles of reporting items as lost and having them reissued, especially in dealing with your finances, but as society become more and more dependent on IT systems, this might not always be the easiest thing to do. I saw this story about a missing laptop from Clear, the company that is providing a streamlined way for people to move through airport security. The loss was announced, containing identity information, and then found again. It was possibly an over-reaction, but I'm not sure you can over-react when security is involved.
The laptop supposedly did not contain biometric data, but how long before that's not the case? If salespeople, executives, and developers will carry around people's names, social security numbers, and other identifying information on their laptops, how long before they carry biometric information around?
Security is a huge hassle, it gets in the way, and it takes an effort to implement. And often we have no idea of its effectiveness until something is lost (how we usually find out) or there's a foiled loss (which rarely occurs). However you never know when something will happen and you will wish you had encrypted that laptop, backed it up, or locked it down in some other way. A little effort goes a long way here, even though most of the time that might not appear to be the case.
This story concerns me from the standpoint that the laptop was quickly recovered. I am glad that Clear reported the loss immediately, even with it possibly impacting their business, but I am concerned that they, and other companies, might decide to delay reports and gamble that they'll recover the data before much time passes. I hate to see that for one simple reason.
How will they know their data wasn't stolen? After all, the bits are one thing I can copy from you and you might never know I have done so.
Steve Jones
The Voice of the DBA Podcasts
The podcast feeds are now available at sqlservercentral.mevio.com to get better bandwidth and maybe a little more exposure :). Comments are definitely appreciated and wanted, and you can get feeds from there.
or now on iTunes!
- Windows Media Podcast - 34.5MB WMV
- iPod Video Podcast - 28.9MB MP4
- MP3 Audio Podcast - 5.9MB
Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.