Notification of Potential Data Breach

Dear … Employee,

We recently became aware of an incident involving information that may affect you. A laptop belonging to an … director was lost during a business trip to Atlanta in late July. The laptop contained personal information on some employees, including you…The laptop was secured by a user name/password combination…

I received the letter above a few days ago from one of my former employers. It made me wonder what other sensitive data were on a laptop used by director of a large publicly traded company. And could this possibly happen if they used Software as a Service HR application?

SaaS will not make data on notebooks safer, but the chances are that this person would not need to download my personal information to his or her notebook. It is clear to me that incidents like this one prove that SaaS model is not inherently less secure…

Comments

  1. Kris Tuttle says:

    I’ve received this same form latter about 6 times in the last 2 years from nearly all my investment funds and one of my former employers, ironically IBM.

    Clearly there are so many people involved with data that no effective controls exist today. Having a centralized access control mechanism that uses a services based interface seems like a more secure approach. I also think this is much more in alignment with the way Cisco thinks about data versus the system companies.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s