Just in the first 2 days of this month, 4 incidents of laptop theft have been reported – by a bank, a government agency and, of course, 2 institutions of higher education. The laptops contained sensitive information about an unknown number of individuals.

Why did a laptop stolen from a professor’s house have sensitive information? The professor’s class lists included his students’ Social Security numbers as student identifiers – a common practice. Universities and colleges are thankfully in the process of changing this practice but haven’t quite completed that task.

The laptop stolen from a bank employee was apparently stolen from the back seat of his car. The data stolen with the laptop was customer information only, no account information. Which raises the question, why is a bank employee carrying private customer information on his laptop? What possible use is that information to him – without account balance or activity information?

Those are 4 incidents that could have been avoided and should have been. As more and more states adopt data breach laws that require customer notification, the reports of laptop thefts will become tediously numerous. It might behoove all organizations to take a close look at their information security policies regarding the use of laptops, the ability to download sensitive information to laptops and the proper security features – e.g. encryption – necessary to protect this information. Organizations can – if they deem it to be necessary – weigh the costs of these policies against the loss of customer loyalty, loss of reputation and the costs of remedying a laptop data breach. The results might surprise them. It really is high time for organizations to get serious about protecting the information that has been entrusted to them.