Totally inexcusable and downright embarrassing government data losses – and some lessons to be learned
Wednesday, May 27th, 2009
The good news (for most of you) is that this article does not mention data losses in Canada, Australia, South Africa, India, Bolivia, or Mexico (although I am sure that there have been some losses in all these countries).
The bad news is that governmental agencies in the US and in the UK appear to be mind-bogglingly inept when it comes to protecting sensitive information. Appalling is not an overstatement.
Let's come away with a few simple lessons and apply them in our everyday dealings with OUR clients:
-- The more sensitive data gets aggregated onto one device (backups normally aggregate data onto a single drive or tape), the greater the need to protect that device.
-- Backups should always be encrypted. TrueCrypt provides a free and easy way to encrypt backups.
-- Don't forget about physical security. Stealing a drive is a low-tech and very effective attack.
-- Don't overlook smart phones, which are really just ultra-compact computers with built-in phones.
-- Laptops are ESPECIALLY susceptible to theft. ALL sensitive data MUST be encrypted. TrueCrypt can also be used to encrypt the entire contents of the disk.
This really is not rocket science, folks. The first steps are to determine where the data lives, assess the risks, and employ the controls that we all know how to use. Why have so many government agencies, employees, and contractors failed to take these simple steps, especially after so many well-publicized incidents? GOOD QUESTION! (Sadly, I have no answer.)
Dennis H in West Virginia, US
May 27