All too often we hear about another laptop stolen with sensitive information on it. And all too often it’s personal data about employees. The latest is the retailing giant Neiman Marcus. The Company recently announced that a notebook computer containing personal information on 160,000 current and former employees was stolen. The stolen notebook belonged to a pension benefit firm hired by the Company. The personal information included individuals’ names, addresses, Social Security numbers, birth dates and salaries.
Neiman Marcus declined to identify the consultant whose laptop was stolen. The Company said it was not the company’s regular pension benefits administrator, Fidelity Investments. The stolen computer contained detailed personal information on employees and former employees who were in the pension plan as of Aug. 30, 2005. Neiman Marcus promptly notified their employees and offered to provide one-year of credit monitoring services.
Since last October, I’ve written about 3 laptop thefts involving employee personal and benefit plan data:
It’s 10:00 in the evening. Do you know where your 401(k) plan is? Savannah accounting firm has laptop with employee data stolen during trip to New York. Go figure!
The British equivalent of Chutzpah: 3 laptops stolen from London Metropolitan Police with payroll and retirement plan data on over 150,000 Met police officers.
Identity theft made simple. Just leave employee retirement plan data on a laptop: 2 laptops stolen with information on 40,000 current and former Chicago public school employees left unattended in conference room.
In all these casess, the common response was that it was no problem since the data was encrypted. But a key question went unanswered. Why was so much private data allowed to be on laptops in the first place? And Plan Sponsors, you better start asking your service providers how they protect your data. It’s the prudent thing to do.