By Martin H. Bosworth
ConsumerAffairs.com
June 18, 2006
A laptop computer containing the personal data of 13,000 District of
Columbia workers and retirees has been stolen from the home of an
employee of ING Financial Services, the company said.
ING Financial, which promotes products such as the "Orange" high-yield savings account, was managing the retirement plans of D.C. employees for the city's retirement board. The stolen laptop contained personally identifying information, such as Social Security numbers, and was neither encrypted nor password-protected.
According to ING spokesperson Caroline Campbell, the theft took place on June 12th, but the company did not notify affected customers until Friday in order to verify what data was on the missing laptop.
Campbell claimed in a statement that the company was cooperating with District police and hiring its own investigator to locate the missing laptop.
Campbell did not provide any details as to whether or not the theft was designed to procure the data or the laptop itself, or what the current status of the unidentified employee was. Attempts to contact Campbell by phone for comment for this article were unsuccessful.
The company is following the standard practice of companies that have data breaches due to laptop thefts, offering free credit monitoring and sending letters to affected employees.
CNN reported that ING had previously lost laptops containing data on 8,500 hospital workers in Florida in December 2005, but had not sent notification letters until this week.
This is not the first instance of D.C. employees or its senior population being exposed to potential data fraud. In March 2006, a group of hackers stole information from D.C.'s Office of Aging, which was being hosted on a server owned by Georgetown University. The data included names, addresses, and Social Security numbers belonging to 40,000 elderly D.C. residents.
Congress May Act
Congress is currently battling over different versions of legislation to protect consumers from identity theft and fraud due to data breaches or laptop thefts.
One bill in the House, the "Financial Data Protection Act," has been called the "worst data bill ever" due to its lenient policies regarding consumer notification and its preemption of state laws covering identity theft.
Senator Hillary Clinton (D-NY) recently announced she was sponsoring the "Privacy Rights and Oversight for Electronic and Commercial Transactions" (PROTECT) Act of 2006.
The PROTECT Act would enable consumers nationwide to enact "credit freezes" in case of identity theft, to set their participation in credit-related offers to "opt-in" rather than "opt-out," and would mandate immediate notification for consumers by businesses and agencies that have suffered data breaches.
In remarks before the American Constitution Society, Sen. Clinton said that "[w]e need consumer protections that are up to date with the technological and national security needs of our time, for a world in which we can be confident that our security and our privacy are both protected."
