I received this via email from Alan Borack (a friend and colleague) about the recent disclosure by Aetna about losing member data, and with his permission am posting his comments here.
How long do you think it will take for the 2 companies impacted to notify
their employees they are among the 38,000 names on the laptop?
I know 2 that have Aetna as their medical insurance carrier -- Merrill Lynch
and AT&T -- two places I spent a few days at. Arrrgh
The real question is -- 'why did the Aetna employee have personal client
data on the company laptop in the first place?'
More and more banks are moving towards replacing desktop computers with what
we used to call 'dumb terminals' to lower costs and to prevent users from
saving information to the hard drive, cdrom or usb drives. Laptops too, are
being issued only to key personnel - namely technical support and officer
types - the kinds of people who don't have or need direct access to personal
information of employees or clients.
All good questions from a seasoned veteran of financial services; why indeed do all these folks have our personal data on their laptops?