Company claims 'due diligence and investigating' behind notification delay
March 29, 2011, 09:34 PM — Back on March 1, an employee of oil giant BP lost a laptop with personal information from 13,000 Gulf of Mexico residents who had filed damage claims in the wake of last year's massive Deepwater Horizon offshore platform spill.
Fortunately, BP immediately informed the victims of the data loss, giving them plenty of time to notify their banks, credit card companies and authorities.
Oh, wait. BP actually waited almost a month to tell 13,000 people whose lives already have been turned upside down due to the company's negligence that their personal, unencrypted information was floating around somewhere inside a lost laptop.
The Associated Press reports that "the oil giant on Monday mailed out letters to roughly 13,000 people whose data was stored on the computer, notifying them about the potential data security breach and offering to pay for their credit to be monitored."
What took so long? A company spokesman told AP the company was desperately trying to find the laptop before anyone found out about it "doing our due diligence and investigating."
Despite all of BP's diligence and investigating, the password-protected laptop remains missing. It reportedly contains an unencrypted spreadsheet of "claimants' names, Social Security numbers, phone numbers and addresses," AP writes.
This is a good reminder to anyone -- businesses, employees, personal laptop owners -- that mobile devices with valuable data can get lost. There's no way to eliminate that problem. But for a business to leave the personal data of its customers, clients, employees -- anyone, really -- unencrypted and vulnerable on a laptop is grossly irresponsible.
Not telling potential victims for almost a month is even worse.
Chris Nerney writes about the business side of technology market strategies and trends, legal issues, leadership changes, mergers, venture capital, IPOs and technology stocks. Follow him on Twitter @ChrisNerney.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @ITworldhttp://www.itworld.com/security/141940/bp-worker-loses-laptop-personal-data-13k-oil-spill-claimants