Every week brings another public announcement of some dramatic compromise of confidential, sensitive information. Sometimes it's the loss or theft of a computer or hard drive, or the hacking of supposedly confidential files containing individuals' private, identifying data, such as credit-card numbers or health records.
At other times, it's just "a screw-up." So says AOL spokesman Andrew Weinstein about what appears to be the posting of some 20 million separate search queries, revealing the search habits of more than 600,000 AOL customers.
Two Californians and a New York resident have sued AOL, claiming that the search information, while not including names, did contain phone numbers, birth dates and social security data, and has been used by other organisations to identify specific AOL members. They seek damages, fees and AOL's promise "never to do it again".
AOL, and other organisations, can have all the good intentions in the world. But, what about the "human element"? Weinstein says none of AOL's privacy policies were violated. We have no reason to believe otherwise. That doesn't change the fact that confidential subscriber information is no longer confidential.
Why not actively consider the encryption of confidential data to put some teeth in your privacy directives? That way, the information is inaccessible to prying eyes - even when the next screw-up occurs. And it will.
Encryption is only a technology. Coupled with enterprise-wide security management and enforceable, audit-visible data access rules, encryption offers a sound way to minimise damage to brand and business.