No, not that one.
It’s the sort of bomb that Fidelity dropped on Hewlett-Packard when it disclosed that a company laptop containing personal information on 196,000 HP employees was recently stolen.
The laptop contained “… data including the participants’ names, addresses, birthdates and social security numbers.” It was reportedly being used for an offsite meeting. Fidelity is doing big-time damage control:
Fidelity, which provides financial services for about 21 million people, says it hasn’t detected any misuse of the information and that safeguards in place may prevent misuse. The application with the data had a temporary license that has expired, so the data would be difficult to interpret and “generally unusable,” a spokeswoman says. And the company is requiring additional authentication to access the affected HP accounts.
So if I’m an HP employee, I’m hopping mad. If I’m one of the other 20 million or so customers of Fidelity, I’m thinking the word “Vanguard” sounds rather inviting right about now, Paul McCartney ads notwithstanding (turn your speakers down).
In an age of growing concerns about customer privacy, I find it staggering that personal data is moving around on the laptops of a company as sophisticated as Fidelity. Particularly when it includes the Rosetta Stone: apparently unencrypted SS numbers. Do you think this is the only time this has ever happened at Fidelity? The only time it has happened in the financial services industry? What about the healthcare industry?
The politicians are still arguing about this stuff.
Despite all the privacy protections instituted by many companies, if laptops or sync-able PDAs can copy and take offsite deeply personal customer information, legislation or regulation will soon follow. Thus the innocent are punished by the sins of the guilty.
It’s another reason why “privacy” is going to be a key word for GCs and their corporate compliance programs in the future.
Like tomorrow.
Fidelity employee stuck in traffic?