An increasing problem is that of maintaining privacy of equipment, data and personnel. Laws, such as that required by the California Information Act that affects institutions across the country having offices or that do business in California, and Federal Privacy Laws, are adding a much higher level of responsibly and significant financial risk.
Critical organizations have sensitive personnel files and data that include credit card companies, banks, mortgage companies, accounting firms, law firms, hospitals, governments, homeland defense, military, and many others. While a lot of attention has been given to external threats, often, a greater risk is employee theft or even unintentional disclosure.
Recently, the personal files of 26.5 million veterans were improperly taken home by a VA employee, and the files, including social security numbers and other very sensitive veteran's personnel records, were subsequently stolen in a break-in of his house. Before that, the military in Iraq had numbers of critical flash drives, computers and storage mediums stolen by local employees and then sold in flea markets. Banks, credit card and data storage companies have recently had large thefts of personal credit, account records and other data that later was used for identity and credit card theft.
Whether intentional or not, failure to follow privacy laws may be extremity expensive. State laws and liability associated with exposure of private data may lead to fines and costly litigation. As such, an improved method of protecting data would be desirable.