Data compromises occur most often through lost or stolen hardware such as laptop computers or PDAs, though many people don't realize it because those incidents get less attention.
Just a Little Peek
An emerging area of privacy concern stems from one of the most basic elements of human nature: curiosity. "Peeping" refers to incidents where people who have access to a variety of private records snoop into files they have no business seeing. Many times the perpetrators act with innocent intentions--for example, a nurse who checks on the records of a hospitalized neighbor. But in a spate of recent cases, people sought to profit from releasing personal medical information.
Massive data breaches like the one that hit Heartland Payment Systems in January spark costly class action lawsuits, negative media coverage and potentially devastating loss of business for the afflicted company. They also trigger the obligation to notify affected individuals under various state laws. And they often spur new legislative and regulatory action, designed to protect consumers from identity theft and exposure of personal information.
At the federal level, the health care privacy provisions tucked into the stimulus package came as a surprise. They ended up there because the bill provides $20 billion in funding for electronic health records, which Obama sees as one way to rein in medical costs. The act includes beefed up privacy regulations to address concerns that digitized medical records will lead to more stolen personal information, according to Reece Hirsch, a partner at Morgan, Lewis & Bockius.
Corporate data breaches can lead to lawsuits, damaged reputations, costly breach notification procedures or the loss of competitive edge. But Verizon's 2008 Data Breach Investigations Report concluded that 87 percent of breaches were preventable through "reasonable controls."
But guarding against external hackers is only one part of the equation. According to a recent study from Symantec Corp. and the Ponemon Institute, of nearly 1,000 respondents who left jobs in 2008, 59 percent admitted to stealing confidential company information. And, the median insider breach compromises more than 10 times as many records as an external one, according to the Verizon study.