Use EFS!
From SANS NewsBites:
Laptop in Lost Suitcase Holds Grocery Chain Retirees’ Pension Data
A laptop that was in a checked bag lost by a commercial airline last month contained personal data belonging to people who have retired from four US grocery store chains owned by Ahold USA. The affected former employees have been notified by letter, but the company is not releasing information about the number of people affected. An Electronic Data Systems Corp. employee lost the computer; that company provides data processing services for Ahold USA’s pension plan. An EDS spokesperson said the employee violated company policy by placing the computer in checked luggage.
-http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9000953
-http://www.usatoday.com/money/industries/technology/2006-06-02-lost-grocery-data_x.htm
[Editor's Note (Ranum): The important phrase here is: "the employee violated company policy by placing the computer in checked luggage." Since a great deal of security practice today is based on procedural "controls" rather than technical enforcement you can see exactly how effective it is: all you need is one person who ignores the procedures and you're in a world of hurt. A more pertinent question would be "why is it even possible for people to gain unfettered access to complete subsets of a database?"]
More Missing Laptops
A laptop lost on an airline flight contained data, including names, Social Security numbers and fingerprints, belonging to nearly 300 IRS employees and job applicants. The IRS plans to send letters to all people affected by the potentially exposed data.
-http://www.msnbc.msn.com/id/13152636/
(6 June 2006)
Four laptop computers stolen from the offices of Buckeye Community Health Plan in Columbus, Ohio contained data belonging to 72,000 subscribers in three counties and medical data belonging to 13,000 subscribers. The company plans to notify all those affected by letter.
-http://www.insurancejournal.com/news/midwest/2006/06/06/69179.htm?print=1
(1 June 2006)
Two laptop computers stolen from the offices of the YMCA of Greater Providence (RI) contained personal data, including names, addresses and some credit card, bank routing and Social Security numbers, belonging to more than 65,000 YMCA members. The YMCA plans to notify members of the security breach.
-http://www.projo.com/digitalbulletin/content/projo-20060601-ymca.4420eea2.html
Technologies such as EFS can solve this problem quite easily.
Yes, the data might still be stolen, but it will be relatively secure from prying eyes, especially if full-disk encryption can be used to ensure slack and swap space are encrypted.
Bill