The New York Times recently posted an article about a wide-ranging set of data security issues that I found interesting.

This is the kind of thing that’s recently been guiding my thinking – not just encryption because CSB 1386 [for example] says you should, but holistic means of preventing loss of Confidentiality (via Information Disclosure threats e.g. not just the always-discussed-but-rare-in-the-real-world MITM SSL attacks but lo-tech attacks like getting hired at the delivery company that picks up your backup tapes).