Data-Time Inc. is a company which manages databases for a large city in Colorado. Included in these databases is information collected from the city’s homeless shelters and free clinics. Specifically, the databases contain personal information of the users of these services over the past 10 years; this includes people’s Social Security numbers and health records.
This data is highly secure and only accessible to the employees of Data-Time Inc. Employees are given a laptop when they are hired which allows them to access the database remotely. Unfortunately, one of these laptops is stolen and the security of the database is compromised.
A majority of the people whose information was compromised are homeless; therefore there is no easy way to contact them in order to alert them of the security breach. How should Data-Time Inc. manage this breach in security?
Clare Bartlett was a 2014-2015 Hackworth Fellow in Engineering Ethics at the Markkula Center for Applied Ethics at Santa Clara University.