This computer contained data on all American veterans who were discharged since 1975 including names, social-security numbers, dates of birth and in many cases phone numbers and addresses -- nearly 30 million entries in all. Although the laptop was later recovered, the VA suffered a serious black eye, and Congress demanded that Secretary of Veterans Affairs R. James Nicholson testify about the breach. Rep. Bob Filner (D., Calif.) took issue with firing the worker, saying that the data analyst was authorized to take a laptop home and use a software package to access the data, contradicting Nicholson's previous testimony that the employee was not authorized to have the information at home. "He got all the approvals that he was supposed to have," Filner said. "I don't know of a policy that he violated, if you'll tell me one. And that's the real negligence -- that there were no policies."
SANS Security Policy Project has a wealth of resources for writing security policies, including primers and policy templates. Or take a look through Charles Cresson Wood's Information Security Policies Made Easy . Creating a mobile device security policy is a crucial step toward reducing business risk when your employees are on the road. Of course, the next step is to implement that policy, so check back next week for tips for the traveler, as well as nifty tools and software to help keep your company's data on a leash.