UC Berkeley: Personal Data on Laptops

No Effective Security Policy at UC Berkeley?

A stolen laptop that contained personal info of almost 100,000 California university applicants and students, including social security numbers, has been recovered, reports Reuters. That data should NEVER HAVE BEEN ALLOWED ON A LAPTOP.

Many, perhaps most, organizations do a horrible job in protecting people's private information - actually ALL information!

Technology alone is no solution. The data had been allegedly encrypted on the laptop, but my 12 year old nephew probably have accessed it.

Computer/Information Security is a process. It includes:

Security Policy, Procedures, & Technologies.

Companies need a written plan and guidelines, typically called "Security Policy," which everyone should know about and follow. All Companies should have a Security Policy which describes, among other things, how different information is protected. EVERYONE should be required to read and sign this short info security policy document including the CEO, executives, etc.

Procedures are step by step directions for doing things specified by the policy. The policy might say "update anti-virus protection daily," and procedures would describe how.

There should have been Security Policy that did not allow this personal data on (easily stolen) laptops! Maybe there was, but policies also need to audit and enforce compliance to be effective.

This is NOT rocket science, and this loss of personal data is INEXCUSABLE. Yes I'm SHOUTING!! I'm mad when I see such incredible incompetence!!!!!

That said, security is never perfect! It's never absolute.OK, I've calmed down.
Like the bumper sticker says,

"Security Events Occur"