Last week was a bad one for personal privacy. Starbucks and Intermountain Healthcare announced shameful lapses of basic data security.
According to a November 3, 2006 Starbucks’ press release, “four retired (no longer in regular use) laptops have been identified as missing from the Starbucks Corporate Support Center in Seattle. Two of the laptops contained the private information, including names and social security numbers, of nearly 60,000 United States partners (employees) and less than 80 Canadian partners and contractors at all levels employed across the organization prior to Dec.31, 2003.”
Starbucks is providing all affected U.S. employees free credit protection services for 1 year from Equifax. In a letter to affected employees, Starbucks stated “Starbucks takes our commitment to safeguarding the personal information and security of our partners very seriously.” The company also assured employees that it is “reinforcing our policies and updating our procedures around the protection of personal data.” I’m sure these assurances will comfort the 60,000 plus people who may have their social security numbers compromised. Starbucks did such a good job of securing the data in the first place.
As apposed to just losing a laptop containing confidential information, Intermountain Healthcare actually gave one away. On the same day that Starbucks announced its security blunder, The Salt Lake Tribune reported that Intermountain Healthcare donated an old laptop containing the names, job titles, Social Security numbers and telephone numbers of 6,244 employees to a thrift store. After supposedly being wiped of all data, the machines was given to Deseret Industries and subsequently sold for $20. Luckily, the machine’s new owner recognized the data’s sensitive nature, having herself been an identify theft victim, and turned the machine over to a local television station, which returned the machine to Intermountain.