Survey Says Consumer Data Breaches Will Get Worse

A new survey finds that the current epidemic of data breaches and identity theft resulting from stolen corporate laptops and other mobile devices will continue until more companies take aggressive action to protect the privacy of personal information they routinely collect on their customers -- and ultimate victims.

CREDANT Technologies' annual survey uncovers surprising results -- 88 percent of 426 respondents, representing IT organizations world-wide, say they know that large amounts of personally identifying and other sensitive information reside on employee's mobile devices, and 72 percent cite that encryption is required to protect personal identifiable information, yet less than 20 percent have implemented encryption.

More than 33 million Americans have become victims of laptop theft since February 2005 according to Privacy Rights Clearinghouse. Consumers, who are potential identity theft victims because the privacy of their personal information has been compromised, are outraged and companies must take more aggressive steps to protect their brand and regain customer trust. With the publicity surrounding laptop thefts and data breaches, it was not surprising that 75 percent of the respondents to the survey ranked laptops as their number one concern for a data breach, but in the comments section, many reiterated concern for sensitive data that resides on any mobile device. One respondent stated, "It is not relevant where the device is stolen -- a data breach is a data breach."

The survey findings are particularly disturbing in light of the fact that 52 percent of respondents state that personally identifying information such as Social Security, driver's license numbers and financial, medical or other confidential personal information is stored on mobile devices. While 62 percent stated that up to 25,000 accounts would be impacted if a laptop were stolen, 30 percent reported that between 25,000 and 2 million accounts would be impacted; and 5 percent had no idea of how many accounts were vulnerable. Again, one respondent stated, "It's difficult to know, but one record is too many."

The survey delved into who should be responsible for a breach and asked respondents what consequences, if any, should be carried out. Not surprising, IT management stands behind their responsibility and will share the potential consequences -- even to the extreme of being fired. 36 percent of respondents feel that the accountability for any data breach falls to the person who lost the laptop or mobile device, while 33 percent believe that IT management, who is responsible for securing the data, should be accountable.