The 25 million names business, the Driving test candidate records lost by Pearson, the recent data loss by Norwich Union. All of these have been highly public losses of large quantities of personal data. I would venture that these are just the tip of the data iceberg.
The reason these stories came into the public eye is because the data loss was detected, for whatever reason. What most people fail to realise is that this kind of data theft could occur without it even being known about.
Consider this: 25 million names, addresses and accompanying bank details were held on 2 CD's. This is a total of 1400 megabytes (MB) of storage space. The Micro SD card I use to hold MP3's on my phone is 2GB (2000 MB) in size. To put it bluntly, a device I can pick up from any high street electrical store for under £20.00 is easily capable of holding the personal data of 25 million people.
Now consider the links in the chain where the data could be stolen:Most companies have an IT department, programmers and senior support staff are likely to have access to customer data, sometimes more junior staff will also have access.
Additionally, companies take regular backups of this data. This data may be stored on site, but for many companies this data is their lifeblood and is likely to be kept on a separate site in case of such incidents as fire. Data could also be stolen at this point.
Companies with websites are vunerable to hacking through the website, a small company may not even have the mechanisms in place to detect an attack, let alone prevent it.
Finally, consider who has your personal data: Your bank, your electricity company, your gas company, your phone company, online stores, numerous government agencies; it's a long list of people who could potentially mess up.
In conclusion, there are a large number of opportunities for potential data loss. Loss of name and address data is not all that problematic, marketing companies have legally bought and sold this data for many years without problems. Financial data is more problematic, I'll explain why in my next post.