At risk, everyone's credit and good name

ONE person didn't follow the rules. In this odd, new world of large databases, portable computers and interconnectivity, that's all it took to put at risk the personal information of 161,000 current and former Boeing employees — names, Social Security numbers and some birth dates and bank-account numbers.

A Boeing announcement says an employee apparently took a computer "off site" and it was stolen by a "ring of thieves" working in the area. Details are sketchy because investigations — both internal and by the police — are ongoing.

Every business ought to take a lesson from this breach of security. Employees have every reason to be asking about their companies' information-security policies.

The Boeing case is only the latest, since February, of 92 known incidents of compromised personal data at organizations ranging from banks to universities to the U.S. Air Force, according to the Privacy Rights Clearinghouse, a nonprofit consumer-advocacy organization. All told, the private information of 51.7 million people is at risk. More than a third of the cases resulted from lost or stolen computers, disks or tapes.

Boeing notified all people believed affected, as required by a new state law, and is trying to help them figure out how to secure their credit from possible fraud. But the company's assurance the information is password-protected is small consolation.

Though so far there is no evidence of fraudulent use of the Boeing information, damage has been done to employees' peace of mind. Individuals have few legal recourses against any employer whose inadequate security systems put their data at risk. They can sue, but they have to prove they were the victims of fraud.

Federal law requires financial companies to implement reasonable safeguards against personal-data theft, but it does not apply to most companies. Still, the FTC's Web site offers some "best practices" that can be followed by any company sincere about protecting employee and customer data (http://www.ftc.gov/privacy/privacyinitiatives/safeguards_educ.html).

Many businesses are stepping up to make sure security is keeping up with the convenience of the computer age. But too many clearly are not.