I have been subscribing to the OSF Data Loss Feed for well over a year. This feed provides me with brief blasts of information about data loss events that are reported around the world. These data loss events consist of sensitive data that is stolen, lost or carelessly disclosed. This has been a very interesting and eye-opening feed to receive.
One of the most common ways sensitive data is lost is through stolen laptops. The Open Security Foundation's Data Loss DB site reveals that stolen laptops account for 22% of the reported data loss events since OSF began tracking them.
Below are the reported data loss events directly related to stolen laptops in the months of April and May of 2009:
April 2, 2009: Stolen laptop with personal data of 33,000 children.
April 8, 2009: Stolen laptop with 1,892 Social Security Numbers and other personal data.
April 10, 2009: Stolen laptop containing financial account numbers.
April 13, 2009: Stolen laptop with personal data of potentially 14,380 patients.
April 23, 2009: Stolen laptop with personal data of 1,392 patients.
April 23, 2009: Stolen laptop with 1,000,000 Social Security Numbers.
April 30, 2009: Stolen laptop with 225,000 Social Security Numbers and other personal data.
May 5, 2009: Stolen laptop with 1,000 Social Security Numbers.
May 7, 2009: Stolen laptop with personal data of 2,000 patients.
May 13, 2009: Stolen laptop with 47,000 Social Security Numbers and other personal data.
May 28, 2009: Stolen laptop with personal data of 109,000 members.
It is interesting that the majority of these incidents either relied solely on the laptops being password protected to secure the data or assumed that the thief was unaware of the data they contained. It certainly is not a comforting thought for the 1,434,664+ people who were affected by these incidents.
A study by the Ponemon Institute, a research organization that focuses on privacy and information security, indicated that the average cost of a lost laptop is $49,246, with only $1,582 of that figure being the replacement cost of the hardware. These costs include detection, investigation, intellectual property loss, productivity loss, legal costs and regulatory costs. An average of $39,297 is directly related to the costs of the data breach itself.
The portable nature of the laptop is both its appeal and its vulnerability. It is quite tempting to save client data on a laptop so that it may be accessed when you are away from the office. Password protecting files is better than leaving them wide open, but also consider implementing additional methods of protection. The aforementioned study noted that the use of encryption reduces the cost of a data breach by an average of $20,000. Food for thought.