Of course, there are many advantages to maintaining information in electronic form. But this column is not about the favorable aspects of electronic data retention.
Rather, I want to examine what's become the soft underbelly of the digital world. I am talking about you, your private data, and how easily that data can go missing or can be used against you.
Sure, we all hear about potential privacy and security breaches in the abstract. This, however, is not an academic ivory tower exercise. Your personally identifiable information is vulnerable here and now. Let's consider two extremely recent examples to drive the point home.
In the United Kingdom, two computer disks containing personally identifiable details on all families in the country with children under 16 have disappeared. As a consequence, the names, addresses, dates of birth, bank account details and national insurance numbers of 25 million people are unaccounted for. While no fraudulent or criminal activity involving this vast array of missing data has been detected yet, time will tell whether the information has fallen into the wrong hands.
How did this happen? Apparently, the disks were sent from one government office to another, in a package that was not recorded or registered. That inspires confidence, doesn't it?
This was not some sort of stealth operation designed to penetrate electronically the inner sanctum of sensitive databases. Rather, the disks containing the information simply were sent through a governmental postal system and have not been seen since, more than a month later.
Thus, as governments and businesses gather increasingly more personally identifiable data on individuals, we are reminded of how easily that information literally can walk out the door without proper oversight and protection.
Of course, stealth security breaches also occur, as demonstrated by very recent attacks. The first such attack was directed at more than 400 people at financial institutions. Each of them was sent an individually tailored e-mail that claimed to be a complaint from the Department of Justice.
The second attack occurred just hours later. This one claimed to be from the Better Business Bureau. The true concern of these attacks is that the e-mails from both included malicious attachments that can enable remote access to a person's computer. With such access, personal and sensitive information of the computer user can be compromised.
These types of attacks, by their nature, are somewhat more difficult to uncover than mass phishing attacks, precisely because they are directed to the individual names of recipients. Social-networking sites can provide sufficient identification of people to whom perpetrators can direct these attacks.
Governments and businesses must do their very best to safeguard personally identifiable information of citizens and customers. Yet, even with best efforts, not all mistakes and breaches can be prevented. We truly are living in an age of digital insecurity.
is a partner in the San Francisco office of . His focus includes information technology and intellectual-property disputes. To receive his weekly columns, send an e-mail to firstname.lastname@example.org with "Subscribe" in the subject line. This column is prepared and published for informational purposes only, and it should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.