Search This Blog

Wednesday, June 27, 2007


PFIZER EMPLOYEE DATA LOSS UPDATE


After my recent post on Pfizer’s loss of 17,000 employee private records, including names and Social Security numbers, I received an e-mail from Ed Silverman who runs the Pharmalot blog shedding additional light on the subject. His article, “Pfizer: 17,000 Employees Suffer Privacy Breach,” is a must read for the privacy minded. His blog is also good if you want to stay in touch with what’s going on in the pharmaceutical industry. Pharmalot was the first to release the Pfizer story including a letter from Lisa Goldman from the firm’s privacy office. Let me address some of the bizarre statements made by Goldman. Pfizer: “The information was stored on a Pfizer laptop computer that was provided to a Pfizer colleague for use in her home.” Comment: Only the dumbest of companies would still allow sensitive data on a laptop outside the company after the VA incident (26.5 million lost records), and the hundreds of incidents that have followed. Pfizer: Sensitive data “…were exposed to one or more third parties.” Comment: In this case one of the “third parties” was the Pfizer employee’s spouse, which indicates there was either no password protection, or the spouse had the password. Pfizer: “Our investigation revealed that certain files containing your data were accessed and copied.” Comment: Since we know from the Pharmalot article that the information was uploaded to the Internet and copied, obviously no encryption. Pfizer: “Based on our investigation to date, we have no reason to believe that any other personally identifiable information was exposed.” Comment: They haven’t the slightest idea and this is simply CYA. By now the American public should be tiring of all these excuses about the mishandling of their names and personal data, and demanding something be done immediately…like letting the consumer take control and manage one of the most valuable assets of their individuality.

No comments: