# Sunday, June 18, 2006

In my last post, I had a bit of a rant about how irresponsible some companies were when it comes to allowing sensitive customer data to reside on employee laptops. Later, I came across this article on Yahoo News, describing just how widespread this problem is.

According to the article:

Since June 2005, there have been at least 29 known cases of misplaced or stolen laptops with data such as Social Security numbers, health records and addresses of millions of people, according to the Privacy Rights Clearing House, a San Diego-based nonprofit that tracks data thefts.

So more than two major incidents a month occur along these lines. Given how high profile some of the companies have been so far (e.g., 26.5 million veterans were affected by the laptop stolen from a Dept of Veteran Affairs employee), it’s just a matter of time before this affects me or someone close to me.

The article comes from the perspective that encrypting sensitive data on laptops would help alleviate these problems. I’d argue that encrypting data isn’t enough — there should be an examination of why sensitive data would ever be stored anywhere but on servers that are both physically and electronically secured.

Also from the article:

Sometimes, there's no good reason for why so much information is being kept on individual machines that are designed to be carried out of the office. In other cases, workers were allowed to have the data on the laptops but didn't follow proper procedures for keeping it safe. In others, they broke the rules by taking personal data out of the office or not protecting it with digital tools.

I would actually argue that there’s not a good reason at all for customer data to be on individual machines… ever. With the availability of secure VPN access into the office, why would a user traveling around with a laptop ever need customer data on their laptop? Actual customer data shouldn’t be available to just anyone… and of the people who DO have access to it, what type of information worker needs that data locally? At home?

My perspective is admittedly biased, but I could see where a developer who works with that data might WANT it to be on his or her local machine — but a company’s engineering and/or security directors should be laying down the law against that. Use a VPN to get at an approved development server. Generate test data if you need to work offline.

It’s just asinine that this continues to happen as often as it does when the remedy for it seems so clear — strong security policies, reasonable practices to ensure security, and zero-tolerance enforcement when those practices are ignored or those policies are broken.

posted on Sunday, June 18, 2006 8:32 PM Mountain Daylight Time  #    Comments [0]

Here’s a little nugget for the IT management at financial companies… for that matter, it’s probably useful for IT management at any company that has individuals as customers.

This is provided gratis for all and I’m hereby relinquishing any future intellectual property claim:

Don’t allow customer data to be stored on individual user machines, least of all on those that leave the building with employees!

I just don’t understand how stories like this, this, and this continue to happen on such a consistent basis. You’d think that it would take just a story or two like this to come out before any company with personal customer data would jump on it. In some companies, devices such as iPods, USB keys, or cameraphones aren’t even allowed in the office — for fear that an employee might copy sensitive data from their computer.

Doesn’t do much good, of course, if the machine itself leaves with the employee.

It’s refreshing to read of a company like Amazon.com, though, that takes the security of customer data very seriously. This entry from Werner Vogels, Amazon.com CTO, says what’s on the mind of consumers everywhere — you guard it with your life.

 

posted on Sunday, June 18, 2006 11:13 AM Mountain Daylight Time  #    Comments [0]
# Wednesday, June 14, 2006

From this page on the Yahoo/FIFA official site:

Donovan, for his part, denied that this was a "crushing" defeat. "A loss is a loss, I'm not sure 3-0 is entirely fair, but they made three plays that we didn't make."

This picture kills me...

I’m not sure what qualifies as “crushing” in his mind, but he’s right... Given that the US had just one shot on goal and Czech Republic had five, not to mention far more dangerous plays on the attack, it should have been more like 5–1. The US team had just two corner kicks and not a single offsides call — pretty good indications of how little time they spent in the attacking third of the field.

I hope Donovan can swallow his pride, own his (lack of) contribution to the team’s performance, and come out looking aggressive on Saturday. Otherwise, he’ll be watching elimination play from Southern California.

 

posted on Wednesday, June 14, 2006 2:24 PM Mountain Daylight Time  #    Comments [0]

Seems like most of the traditional media outlets have a “blog” now, from television stations to newspapers to magazines.

But what do all three of those “blogs” have in common? No feed. I’m all for businesses jumping on the “informal, community-facing content” bandwagon (the more content available via syndicated feeds, the better), but if you’re going to do it… do it right.

Those three example links above were pretty easy to find and aren’t exactly things I’d subscribe to if they did have a feed. What’s frustrating is to come across one that’s got content, is regularly updated, and you really want it to have a feed, but it doesn’t.

In some cases, sites will have a single feed for their main articles or “top stories”, but nothing that’s specific to a category, department, or writer — it might not even have the content I’m viewing. In one case (the Rocky Mountain News), the URL for their “centralized feed” page is broken.

Bottom Line: I don’t think it counts unless Firefox can “see” the subscription feed (via the LiveBookmarks feature) and the feed it sees is specific to the content I’m looking at.

On the flip side, there are major outlets that get it right.

posted on Wednesday, June 14, 2006 9:40 AM Mountain Daylight Time  #    Comments [0]
# Thursday, June 08, 2006

“Rands in Repose” is a blog on life as a software development manager and one of my all-around favorite blogs. He writes a handful of articles a month and they’re invariably insightful and well-written. Managing a development team can be a tricky thing, given that developers sometimes have quirks that are “outside the mainstream” — such as being night-owls, extreme introverts, very focused, or logic-driven at the expense of diplomacy.

He just started a new series called “Deconstructing Managers” that I’m really enjoying. In it, he’s breaking down some of the stereotypes of engineering managers and trying to serve as a translator between “the manager” and “the engineer”. It’s great stuff and takes a balanced, humorous view of this relationship.

So if you’re new to managing a development team, or if you’re on a team and have a new/challenging manager, it’s definitely worth subscribing and following along.

posted on Thursday, June 08, 2006 10:40 AM Mountain Daylight Time  #    Comments [0]
# Tuesday, June 06, 2006

Edward Tufte, author and infoporn guru, is giving a series of one-day courses in various cities across the country. I just registered for the course in Denver on July 21 and am really looking forward to it. The course fee of $360 seems like a great deal, especially given that attendees receive copies of four of his books.

Now if only that other ‘guru’ whose work I admire could come to this area…

 

posted on Tuesday, June 06, 2006 9:55 AM Mountain Daylight Time  #    Comments [0]
# Monday, June 05, 2006

Did that suck, or what? It took two years to get another season out… and it came in with a bang and went out with a whimper. I know they’re doing another “mini-season” next year (already shot… but we still have to wait a year), but I’m not sure how much I care.

Honestly, for a show that started off so strong, the creative team and/or HBO is sure doing a good job of marginalizing it.

posted on Monday, June 05, 2006 9:55 AM Mountain Daylight Time  #    Comments [2]
# Friday, May 19, 2006

Assuming this goes through and shows up without a hitch, the server migration is done. The Server Intellect folks were great when I had questions about control panel issues or moving mailboxes during DNS propagation.

 

posted on Friday, May 19, 2006 9:55 AM Mountain Daylight Time  #    Comments [0]
# Friday, May 12, 2006

The kind folks at Server Intellect (my hosting provider) are adding some newer, beefed-up servers to their data center… so it’s time to migrate everything over. I always feel like I’m missing something when I’ve done this in the past, but this time I’m feeling good. They have a really good setup and migration plan in place, so as the DNS updates there should be little, if any, downtime.

Crossing fingers…

posted on Friday, May 12, 2006 7:32 AM Mountain Daylight Time  #    Comments [0]