The union representing most of the airport safety screeners of the nation have filed a class action suit against the Transportation Security Administration for its negligence in allowing an external hard drive to be stolen from TSA Headquarters. The hard drive contained 100,000 records of past and current employees, including social security numbers, banking details and other sensitive data.
The suit seeks injunctive and monetary relief, including any financial losses for the breach and additional safeguards to prevent against future privacy thefts.
The breach of security is especially troubling in this case because the agency robbed is one that is primarily responsible for managing the safety of the oft-targeted air travel industry.
The suits were not unexpected. Such a high profile loss of data is often followed by a lawsuit. The Union’s lawsuit, however, is very appropriate in this matter. First, the Union’s demand are reasonable. The plaintiffs ask for injunctive relief, that is, relief that will improve the TSA’s future protection of data. The relief requested includes encryption of data and electronic monitoring of data. The plaintiffs also request monetary relief for any losses resulting from the breach. Second, the lawsuit is appropriate because it helps to bring attention to the need for greater security protections in any size organization, government or private.
Unfortunately, most organizations, big or small, would do well to reevaluate their data security policies. Many times, taking small steps to protect sensitive data can make a substantial difference, even in situations where sophisticated encryption and other technology is not used.
For example, setting your computer to require a password to access data after about 5-10 minutes of inactivity is an easy step to prevent prying eyes from taking “quick peeks” at your data. Don’t use the same password for all of your accounts, and be aware of the roster of people that have access to your sensitive data at all times.
Bottom Line: The TSA mishap could likely have been averted by following simple steps such as these. The union lawsuit brings salience to the value of data and the increasing need for all of us to makes small changes in our daily behavior in the interest of greater protection of sensitive data.