The issues of personal data security and identity theft broke into the national consciousness a year ago, when Choice-Point reported that thieves had established accounts with the data broker to obtain sensitive information on 145,000 people. Outrage was immediate, but the problem has persisted. Despite congressional hearings, a plethora of federal bills and the passage of laws in at least 22 states, data on more than 53 million people was stolen, lost or exposed in 121 more incidents over the next year, according to the Privacy Rights Clearinghouse. By far the largest exposure was at payment processor CardSystems Solutions Inc., which effectively was put out of business after data on 40 million people was hacked.

These breaches are not the work of genius hackers. Most hacks, like that at CardSystems, are the result of poor security and worse policy. Many breaches are just, well, stupid. There were 30 reported thefts or losses of computers and nine cases of lost or stolen backup tapes reported in the last year. Some companies printed Social Security numbers on mailing labels and one publisher recycled paper containing sensitive data to wrap bundles of newspapers for distribution.

The link for this article located at is no longer available.