Ernst and Young is the latest company to fall into the data breach spotlight due to a lost laptop. An E&Y laptop was lost which had the personal information of over 38,000 British Petroleum employees. BP officials began notifying their employees that their personal information may have been exposed and may put them at risk of identity theft. In this particular case, social security numbers were among the personal information on the laptop.

The UK IT Trade web site, The Register, had the following headline:

40,000 BP workers exposed in Ernst & Young laptop loss

Read the rest of this entry »

In their enthusiastic charge to protect people from privacy invasion, privacy advocates sometimes get to focused on preventing the disclosure of information. He see bunches of client based tools, often browser plugins that warn people that they are about to submit personal information to web sites that don’t have published privacy policies. Some of the more sophisticated tools will compare an end-user’s preferences to a site’s published policy and inform the user if the site policy is consistent with the user’s preferences.

But focusing on preventing the disclosure of information isn’t enough because people _want_ to disclose their information to companies, both electronically and directly.

Read the rest of this entry »