Will someone PLEASE explain to me…
Fidelity Investments says they’ve lost a laptop containing customer information, including “names, addresses, Social Security numbers, and more—on as many as 196,000 Hewlett-Packard employees who have Fidelity retirement accounts”.
Their explanation is that they only allow information like that on laptops when it is needed for “client meetings”.
There is no excuse for that kind of information ever being on a laptop. You wanna tell me Fidelity never heard of encrypted VPN channels to web applications? There should be no locally cached data sets.
We all know how persistent data on hard drives is. What’s their procedure for deleting the data after the meetings? To do it right, you need to use a shredding application. Do all their field reps know how to do that? And DO they do it?
I wouldn’t be torqued about this except it happens all the time with the companies that hold our ‘identity-theftable’ data in their systems. At least the law now makes it harder for them to sweep the loss or breach under the rug; they have to notify the affected individuals and do a bunch of remediation, but lots of people can slip through the cracks.
This was first identified as a problem years ago. It took an act of Congress to get the companies to do anything at all, but I still read about large-scale incidents on a weekly basis. Will someone please explain to me WHY THIS IS STILL HAPPENING?