Well, there has been another recent incident regarding the backup tapes being lost while in transit to offsite storage. People's Bank is notifying approximately 90,000 affected customers that a tape containing confidential data was lost recently while being transported by UPS to TransUnion, a credit reporting bureau. People’s Bank have posted information about the incident on their site (http://www.peoples.com/about/peoples/0,8397,14098,00.html). Several news agencies have reported on this story, including SC Magazine (http://www.scmagazine.com/uk/news/article/535840/peoples-bank-atlantis-faced-breaches/) and the Connecticut Post (http://www.connpost.com/business/ci_3394540), as well as non-U.S. publications such as Finextra in the UK (http://www.finextra.com/fullstory.asp?id=14745). Numerous other backup tapes were lost throughout 2005, most by UPS or Iron Mountain.
Until we had California SB 1386 we never read about these lost tapes in the news…is this really anything new? How long have tapes with personal information been going missing without anyone being told? Do you think any frauds have occurred as a result of any such past data losses falling into unscrupulous hands?
I also wonder about whether or not this is prompting organizations to encrypt their backup tapes, and other storage media. Is your organization planning to start encrypting all data that goes outside your facilities? Or, perhaps encrypt all personal data as a matter of basic business practice?