How to Stop Data Breaches: Crunching the Numbers on 2006 Cases
Data breach incidents were all over the news in 2006. From the loss of 26 million veteran records on a laptop (later recovered) in May to the recent news about potentially millions of TJ Maxx customer payment data being accessed by hackers, it's been a big year for data breaches. National Consumer Protection Week is a perfect time to take a closer look.
Privacy Rights Clearinghouse has put together a detailed chronology of all the data breaches since February 2005 and has used this information to analyze exactly what is happening to our private data. I've reformatted their basic chart to make it easier to read.
There are some amazing disparities here in how consumer data was lost between different sources. Businesses and medical offices are most likely to expose consumer data through laptop theft, while the military and government lose data through what Privacy Rights calls "human/software incompetence." And more than half of university data breach cases involved hackers.
I'm not a data security expert by any stretch of the imagination, but even I can see that there are some very important lessons to be learned from this analysis:
- Business - DO NOT LET SENSITIVE DATA BE STORED ON OFFSITE LAPTOPS!!! According to Privacy Rights, 55% of laptops involved in data breaches were stolen outside the office. To make matters worse, only 6% of the stolen laptops protected the data with encryption or passwords.
This isn't exactly rocket science, folks. Solid encryption software or encrypted USB thumb drives are available for about $30 online. The best advice here is to not store any sensitive data on laptops. If you absolutely must, invest in encryption and privacy solutions to ensure it will be safe. You can read more about laptop security online.
- Government & Military - I don't know exactly what Privacy Rights considers to be in the "human/software incompetence" category but I am sure that it includes posting sensitive data on publicly available websites, failing to shred documents before throwing them away and discarding computers without erasing hard drives. All three of these goofs led to data breach incidents in the public sector in 2006. Government agencies should follow a set of strict rules for storing, securing and safely destroying the vast amounts of data they manage. The new recommendations made after the VA data breach in May are a start, but they are not mandatory.
- Universities and Colleges - It is time to get very serious about protecting your data from hackers. Most colleges these days have their own computer science departments that teach this stuff, so there is no excuse. Start by hiring some extremely bright security guys to implement airtight data protection systems including firewalls and encryption. Then sign up for audits from HackerSafe to make sure there are no vulnerabilities. And, of course, DO NOT use Social Security numbers as student IDs.
- Medical Offices - Like businesses, medical centers should also put an absolute stop to storing sensitive data on laptop computers. And all patient data should be encrypted, no exceptions. Medical offices almost always deal with large volumes of Social Security numbers and should be especially careful about how this data is stored. It would be even better if medical providers and insurance companies would stop using SSNs as patient identifiers altogether. As medical providers slowly join us in the digital age, companies like IBM are putting together platforms that help address security concerns and support HIPAA compliance. HIPAA security regulations include strict rules concerning data safeguards but there isn't enough enforcement to ensure that the complicated protections are really in place.
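The two points above about universities and medical offices share one fix: stop using the SSN as the identifier and hand out a surrogate ID instead, keeping the SSN-to-ID mapping in one tightly controlled place. The script below is an added example written for this post, not code from Privacy Rights Clearinghouse or any vendor named here. It scans a record set for SSN-shaped identifiers (applying the never-issued ranges: area 000, 666 and 900-999, group 00, serial 0000), replaces each with a random surrogate that maps back through a single vault object, and reports how many were replaced. The records, the `student_id` field name and the `SID-` token format are constructed assumptions.

```python
import re
import secrets

# Constructed sample records for this example (not real people, not from the post).
SAMPLE_RECORDS = [
    {"student_id": "123-45-6789", "name": "A. Example"},   # SSN used as the ID
    {"student_id": "S1002", "name": "B. Example"},         # already a surrogate
    {"student_id": "000-12-3456", "name": "C. Example"},   # area 000 is never issued
    {"student_id": "219-09-9999", "name": "D. Example"},   # SSN-shaped
    {"student_id": "123-45-6789", "name": "A. Example"},   # duplicate: must get the same token
]

# Accepts both 123-45-6789 and 123456789; a plain 9-digit student number
# would also match, so the never-issued-range check below reduces false hits.
SSN_RE = re.compile(r"^(\d{3})-?(\d{2})-?(\d{4})$")


def is_plausible_ssn(value):
    """True if value has the shape of an SSN the SSA could actually have issued."""
    m = SSN_RE.match(str(value).strip())
    if not m:
        return False
    area, group, serial = m.groups()
    # Never-issued ranges: area 000, 666 and 900-999; group 00; serial 0000.
    if area in ("000", "666") or int(area) >= 900:
        return False
    if group == "00" or serial == "0000":
        return False
    return True


class SurrogateIdVault:
    """Maps SSNs to random surrogate IDs. This object is the only place the SSN
    survives, so it is the one store that needs encryption and access control."""

    def __init__(self):
        self._by_ssn = {}
        self._by_token = {}

    def tokenize(self, ssn):
        """Return the surrogate for this SSN, minting one on first sight."""
        key = ssn.replace("-", "")
        if key not in self._by_ssn:
            token = "SID-" + secrets.token_hex(4).upper()
            while token in self._by_token:  # collision is vanishingly unlikely, but cheap to guard
                token = "SID-" + secrets.token_hex(4).upper()
            self._by_ssn[key] = token
            self._by_token[token] = key
        return self._by_ssn[key]

    def lookup(self, token):
        """Reverse lookup, intended for the few systems that legitimately need the SSN."""
        return self._by_token.get(token)


def scrub_records(records, vault, field="student_id"):
    """Return (scrubbed copies of records, number of SSN-shaped values replaced)."""
    scrubbed, replaced = [], 0
    for rec in records:
        rec = dict(rec)  # never mutate the caller's data in place
        if is_plausible_ssn(rec.get(field, "")):
            rec[field] = vault.tokenize(rec[field])
            replaced += 1
        scrubbed.append(rec)
    return scrubbed, replaced


if __name__ == "__main__":
    vault = SurrogateIdVault()
    out, n = scrub_records(SAMPLE_RECORDS, vault)
    print(f"replaced {n} SSN-shaped identifiers")
    for r in out:
        print(r)
```

Run the same scan against an export of any system that stores student or patient records: a non-zero count is a concrete finding, and the scrubbed copy is what the laptop-bound or departmental copy should have contained in the first place. Note that the surrogate is random rather than a hash of the SSN, because the SSN's nine digits are small enough to brute-force through any unkeyed hash.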
Just reviewing this information has made me extremely nervous about the safety of my own personal data. Do you work for a business, government agency, university or health care provider that has great data security? Terrible data security? Are you an IT or security expert who has advice to share? Post your feedback in the comments section below.