Wednesday, January 6, 2010

Welcome to the Other Side of New Year's Day

Now that we have successfully transitioned into 2010 with our skin intact, I want to return once again to the subject of our PII, those who wish to have their way with it, and the hapless aggregators and keepers with file cabinets and servers chock full of it. To that end I have included links to a couple of things to ponder in these first few days of the year.

Navy's InfoSec Chief Suffers Sixth Breach
The Navy's Chief Information Officer Robert Carey recently received notification of a compromise of his personally identifiable information (PII), reports govinfosecurity.com. For Carey, it was the sixth such notification, and came from the Army--where he hasn't worked in 24 years. Carey used the event to describe his philosophy on data protection and enumerate a seven-point summary of his department's efforts to reduce the risk of a breach within the Department of the Navy. "In today's Information Age, PII must be treated with extreme care because unauthorized access to someone's digital identity can and does cause grave consequences," Carey wrote.
Full Story

Three Breaches Compromise 30,000 at Penn State
The Pittsburgh Post-Gazette reports that Penn State has begun the process of notifying nearly 30,000 individuals that their personally identifiable information (PII), including Social Security numbers, may have been compromised as a result of three separate malware infections discovered in late December. The school said it has no evidence that the individual or organization behind the malware gained access to the PII, but has decided to notify as a precautionary measure. "We do not have any indication that it was accessed by unauthorized parties. We prefer to err on the side of caution," said spokesperson Annemarie Mountz. The event was the second known breach at Penn State in 2009.
Full Story

Does it occur to anyone that for as long as we have been entrusting our personal information to others, they have been losing it, a lot? One of life's principles is that "continuing to do the same things while hoping for different results" is a hopeless waste of time. If they continue to lose our personal information, why then do we continue giving it to them without any sort of check and balance? Certainly all of the laws passed have not had any nulling effect, nor have any of the so-called procedures and software "solutions". This is not a problem that we have to accept as a given, or one that requires a highly technical or overly complex set of controls. This is a very basic condition that we, as the actual owners of the prize, could quite well nip in the bud if we were to take it into our own hands. Think about it. Do we all put our prized silver in a big building or a bunch of buildings and then hire people to guard it, or do we keep our own at home and watch it ourselves?

The examples above are not isolated cases, unless you consider the US Navy and Penn State to be marginal. This is big-time mainstream stuff.

Oh, Happy New Year!
