The AARP (American Association of Retired Persons) has filed a letter with the New Hampshire Attorney General regarding the theft of laptop computer with personal information. The good news is that this latest information security breach will not be affecting retired people. On the other hand, AARP employees (retired persons employee: sounds like an oxymoron, don't it?) may not be as lucky. If laptop encryption had been used, there may be room to take a breath of relief--however, whether it was used or not has not been revealed.
According to the letter to the AG, the laptop computer was stolen during a break-in to the employee's residence. Information on the computer included names, dates of birth, and Social Security numbers for current and past AARP employees. Identity monitoring services for one year are being offered to all affected. Furthermore, AARP has also included explanations (clear ones that can be comprehended!) on what a security freeze happens to be, and what steps need to be taken. On the other hand, this is the AARP we're talking about: explaining things so that they're clear is what they do, if the one time I've read the AARP magazine is any indication.
According to the letter to the AG, the laptop computer was stolen during a break-in to the employee's residence. Information on the computer included names, dates of birth, and Social Security numbers for current and past AARP employees.
Identity monitoring services for one year are being offered to all affected. Furthermore, AARP has also included explanations (clear ones that can be comprehended!) on what a security freeze happens to be, and what steps need to be taken. On the other hand, this is the AARP we're talking about: explaining things so that they're clear is what they do, if the one time I've read the AARP magazine is any indication.
Data security comes in many forms, but I'd say that they can be divided into two types: proactive and reactive. While both are important--and encompasses lots of different aspects, such as the use of software, hardware, and the implementation of processes--I'd say that proactive is a better approach...if one were forced to choose (the better option may be to use both). Identity monitoring and security freezes are reactive: it's a reaction to the loss of personal information. And while these solutions do work, one may have to use such services for the rest of one's life. You know, unless the federal government decides to reissue SSNs to everyone. One could, also, decide to take up citizenship in some other country. At that point, what does one care if his US SSN is "out there?" It's not necessary to the original owner anymore. In contrast, proactive data security is essentially preventative security. We know something will eventually get stolen if it's left alone. Hence, the need for doors, locks, window latches, etc. The idea is to prevent the theft from happening in the first place. And when those obstacles are surmounted by the thief...well, you're effectively screwed. Which is why, when it comes to personal information security, one requires a solution that will maximize information security. An effective solution, one that would have worked great for the AARP, is the use of encryption software. If full disk encryption like AlertBoot had been used on the stolen laptop, the thief would be stuck with a laptop computer that won't operate, as opposed to a laptop that could potentially give him SSNs that he can sell in the blackmarket (and, which, thanks to the internet, can be accessed very easily).
Data security comes in many forms, but I'd say that they can be divided into two types: proactive and reactive. While both are important--and encompasses lots of different aspects, such as the use of software, hardware, and the implementation of processes--I'd say that proactive is a better approach...if one were forced to choose (the better option may be to use both).
Identity monitoring and security freezes are reactive: it's a reaction to the loss of personal information. And while these solutions do work, one may have to use such services for the rest of one's life. You know, unless the federal government decides to reissue SSNs to everyone. One could, also, decide to take up citizenship in some other country. At that point, what does one care if his US SSN is "out there?" It's not necessary to the original owner anymore.
In contrast, proactive data security is essentially preventative security. We know something will eventually get stolen if it's left alone. Hence, the need for doors, locks, window latches, etc. The idea is to prevent the theft from happening in the first place. And when those obstacles are surmounted by the thief...well, you're effectively screwed.
Which is why, when it comes to personal information security, one requires a solution that will maximize information security. An effective solution, one that would have worked great for the AARP, is the use of encryption software. If full disk encryption like AlertBoot had been used on the stolen laptop, the thief would be stuck with a laptop computer that won't operate, as opposed to a laptop that could potentially give him SSNs that he can sell in the blackmarket (and, which, thanks to the internet, can be accessed very easily).
Related Articles and Sites:http://doj.nh.gov/consumer/pdf/aarp.pdf