Such regulations will also drive companies to do a better job handling customer data, said David McGuire, director of communications for the Center for Democracy and Technology, also in Washington. "We need a national privacy regulation put in place that lays out the groundwork for companies when they collect this sort of data, and were currently seeing efforts in Congress to that end," McGuire said. "In addition to setting a base line for how people will be able to protect themselves, this legislation will force companies to work to better understand their role in protecting data upfront, rather than after they make a mistake."Despite those efforts, however, tougher laws may not inspire every organization to get its act together, said Douglas Rosinski, plaintiffs attorney in one of the two cases being brought against the VA. The group represented by Rosinski, who works for the law firm of Ogletree, Deakins, Nash, Smoak & Stewart, of Columbia, S.C., is demanding financial damages for individuals affected by the data loss, along with enforcement of stricter guidelines. According to information in the complaint, the VA employee whose laptop was stolen had been taking the personal information home routinely for at least three years despite organizational policies that forbid it. "Even though the federal government has been after the VA to do something about this for years, its clear they felt they could thumb their noses at the existing regulations," said Rosinski. "This wasnt an issue of ignorance; it was an issue of people who refused to improve data security policies even when told to do so." eWeek Senior Writer Wayne Rash contributed to this story. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
A laptop containing personal information of roughly 65,000 YMCA members is stolen from a Providence, R.I., facility. Click here to read more.