When you hire a taxi to take you to the airport, you never know if they’ll be on time, if they’ll drive the same route or as fast as you, etc. So you plan on a little extra time. We also allowed a little more extra time because we knew we would be checking a bag filled with our scuba stuff. So we had scheduled the driver to pic us up at 9:30. He called at 9:20 to make sure he had the right address. He showed up right on time, drove the shortest route, and got us to the airport by 9:50. We walked straight to the self-check kiosk, checked in, turned in our bags, went straight through security (there’s never a line in San Jose) and sat down at our gate… with nearly two hours until our flight was scheduled to leave… and then it got delayed.

Our connection in LAX was already short at just 60 minutes. Getting delayed just made things a little more interesting. We flew there on a tiny 2×2 SkyWest plane, so we had to take a bus across the runway from the commuter terminal to the main terminal. We didn’t run, but we walked quickly… arriving just 5 minutes before departure. Luckily the plane had plenty of seats so we didn’t have to sit in our assigned middle seats on the 2x5x2 777.

The flight to MIA from LAX was smooth. There was plenty of room and opening the air nozzles even a little was enough to keep me quite cool the whole time. I did have some trouble with the in-seat entertainment system, but it was a pretty good flight. MIA is a huge airport. Getting from our terminal to the rental car high rise was a serious journey, but it went by quickly as we walked, talked, and rode the train there with another couple from our flight on their way to Lima. Enterprise made getting our car super easy. Literally no paperwork until after everything was signed, sealed, and delivered. They even upgraded us to a Nissan Altima. It’s not terrible, but it’s a long way from how good they used to be when we owned one. The CVT stuff is crap.

We took the 1 (South Dixie Highway) all the way to Key Largo, only stopping to eat at Shake Shack, and to pick up some essentials at Walmart. The Shake Shack was mediocre. The burgers were greasy. The fries were greasier. But the shakes were made with frozen custard and were very good, but also extremely rich. We don’t need to go back. Walmart was scary. Seriously. There were hundreds of shopping carts strewn throughout the entire parking lot, many slammed into cars. There wasn’t a car or truck in the lot without serious damage and scratches. I was honestly nervous about parking our nice rental car in that lot, especially with all our stuff in it. I thought about it almost the entire time we were shopping and 100% of the 30 minutes we stood in line trying to check out. Yikes. But we chose Walmart for one reason: they let you get $100 cash back when you check out. I’m not sure it was worth it, but at least we will have some tipping money tomorrow.

Now we just need to adjust to the new timezone. It’s way too late and we have to dive at 8:00 in the morning.

The post SJC -> LAX -> MIA -> Key Largo appeared first on jtalbot/blog.

Citigroup has begun the process of notifying 3.9 million of its current and former customers that information about their accounts (names, addresses, phone numbers, social security numbers, account numbers, account balances, transaction histories, etc.) has been lost. Apparently, this data was contained on backup media that was being shipped to an alternate location. Citibank shipped the backup tapes on May 2nd, but didn’t realize they were missing until May 24th.

Last month, Time Warner lost backup tapes containing all the data it had collected on 600 thousand current and former employees (going back 19 years).

Back in April, Ameritrade informed more than 200 thousand current and former customers that their personal information had been lost when their backup tapes didn’t show up at the desired location.

Do shipping companies like UPS, FedEx, DHL, and others really lose that many important packages? In my experience, the answer is no. What usually happens is something like this: Company has some change (backups were problematic and were not finished on time, a new shipping person was hired, etc.) that requires a new person to handle some aspect of shipping the backup tapes to the new location. This is where the trouble begins. The new person may not know the right address of the final location, write down just the building address, etc. The package is then shipped and signed for on arrival at the front desk. The receptionist assumes the person that had the package delivered will come claim it, since it wasn’t addressed to anyone or any department. A few weeks go by and the department realizes they don’t have their package. They panic, call the shipping company, and find out that it was signed out at the destination. They look at the signature, but don’t recognize it (the receptionist isn’t an employee of the department where the package was supposed to be delivered). They jump to the conclusion that the package was somehow intercepted. Company decides never to use that shipping company again.

Are banks and other companies losing track of their data more often these days? Why does it seem that we are hearing about it all the time, when we never used to hear about it? Is it because the data was never lost until it was all on computers and backup tapes?

We don’t know, but we assume that it is no more prevalent today than previously.

Until recently, companies were not required to disclose to anyone when they lost your personal information. Now they are only required to report it if the information was not encrypted. But didn’t Debby Hopkins, Citigroup CTO, state that the backup tapes were produced “in a sophisticated mainframe data center environment” and would be difficult to decode without the right software? Yes, she did say that. But it doesn’t mean anything. It is pure spin. Let’s remember that they are only disclosing this data loss because they are required to do so. And they are only required to disclose information loss when the information is not encrypted. This tells us that the backup tapes are not encrypted. Sure, you may need a copy of whatever backup software they used to make the tapes in order to piece the information back together, but you will not need passwords or encryption keys to recover and (ab)use that customer data.

Requiring companies to disclose loss of personal information is a great concept. If you trust them with your personal information, you want them to tell you if they give it to the bad guys. The trouble with this particular law is that it provides companies with a very low bar to jump over in order to avoid being required to disclose their missteps. Data that is encrypted before it is turned over to the identity thieves need not be reported. This is just sad. Whether or not your personal information was encrypted when it was handed to the bad guys is not the issue. They gave away your personal information, increasing your risk of identity theft, and you need to know about it.

Don’t worry, you won’t hear about these companies losing track of your data in the future. They have seen the light at the end of the loophole.

Soon after public disclosure of their loss, Time Warner has started encrypting its backup data, absolving it of the requirement to disclose future losses of your personal information.

Most Citigroup units send data in an encrypted form and are already free from the requirement to disclose personal information loss. Beginning in July 2005, CitiFinancial data will also be encrypted, absolving Citigroup of these public relations headaches when they lose track of it.

In the US, any data collected by a firm belongs to the firm that collected it, even if that data contains your personal information. In Europe, Canada, and Australia, your personal information belongs to you. Those firms who also have custody of it are merely controllers. I’m rarely a proponent for new laws, but I do like the UK Data Protection Act (and its European counterparts). I wish our laws did a better job of recognizing that you are the rightful owner of your personal information.

Companies should not be allowed to buy or sell your personal information. That’s your data. You may choose to allow a firm to have custody of your information, but only when you make that conscious choice. Once you release it, there’s no telling where it will end up.

The post Personal Information Loss appeared first on jtalbot/blog.