Insecurity In the Digital World

More and more, we are going paperless, with all sorts of information stored electronically. Of course, there are many advantages to maintaining information in electronic form, including searchability ease and cutting down on the overhead of storage space.

But this column is not about the favorable aspects of electronic data retention. Rather, I delve into the soft underbelly of the digital world. What am I talking about? I am talking about you, your private data, and how easily that data can go missing or can be used against you. Interested? Keep reading.

Sure, we all hear about potential privacy and security breaches in the abstract. This, however, is not an academic ivory tower exercise. Your personally identifiable information is vulnerable here and now. Let's consider two extremely recent examples to drive the point home.

In the United Kingdom, two computer disks containing personally identifiable details on all families in the UK with children under 16 have disappeared. As a consequence, the names, addresses, dates of birth, bank account details and national insurance numbers on 25 million people on the two disks are unaccounted for. While no fraudulent or criminal activity has been detected yet with respect to this vast array of missing data, time will tell whether the information has fallen into the wrong hands.

How did this happen? Apparently, the disks were sent from one government office to another in a package that was not recorded or registered. Now, that inspires confidence, doesn't it? This was not some sort of stealth operation designed to penetrate electronically the inner sanctum of sensitive databases. Rather, the disks containing the information simply were sent through a governmental postal system and have not been seen since, more than a month later.

Thus, as governments and businesses gather increasingly more personally identifiable data on individuals, we are reminded how easily that information literally can walk out the door without proper oversight and protection.

Of course, stealth security breaches also occur, as demonstrated by very recent attacks. The first such attack was directed at over 400 people at financial institutions. Each of them was sent a individually tailored email that claimed to be a complaint from the Department of Justice.

The second attack occurred just hours later. This one claimed to be from the Better Business Bureau. The true concern of these attacks is that the emails from both included malicious attachments that can enable remote access to a person's computer. With such access, personal and sensitive information of the computer user can be compromised.

These types of attacks by their nature are somewhat more difficult to uncover than mass phishing attacks precisely because they are directed to the individual names of recipients. Social networking sites can provide sufficient identification of people to whom perpetrators can direct these attacks.

Governments and businesses must do there very best to safeguard personally identifiable information of citizens and customers. Yet, even with best efforts, not all mistakes and breaches can be prevented. We truly are living in an age of digital insecurity.

Eric Sinrod is a partner in the San Francisco office of Duane Morris LLP where he focuses on litigation matters of various types, including information technology and intellectual property disputes.

His website is http://www.sinrodlaw.com and he can be reached at ejsinrod@duanemorris.com. To receive a weekly email link to Mr. Sinrod's columns, please send an email to him with Subscribe in the Subject line.

This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.