Public and private, sunshine and reign.

Something is amiss in the world of records and information: Too many public records are being kept in the dark, while too much private, personal data is being aired in sunlight.

First of all, too many U.S. politicians are deleting electronic records, depriving the public of information they may be entitled to see. Nikki Swartz detailed a recent example of this in an "On the Edge" article on p. 22 in this issue. Missouri Gov. Matt Blunt and his administration are currently under investigation by the state attorney general for possibly destroying public records in the form of e-mails. Last September, the Blunt administration fired a staff attorney, Scott Eckersley, saying he was let go "for cause." Eckersley contends that he was fired because he challenged Blunt's position on e-mail retention and warned the governor's staff that state law requires them to save e-mails. Blunt's staff said Eckersley never told them to retain e-mails. When pressed, Blunt told an Associated Press reporter, "Our policy is to follow the Sunshine Law. That's it." (See "On the Edge" for more about Missouri's Sunshine Law.)

Secondly, too many marketers and retailers are exposing too many citizens' private information to sunlight--letting both hackers and legitimate marketers steal a glance and maybe more. For instance, in late November, Facebook, the social networking website, said it would rein in parts of a new advertising program that send messages to users' friends about what they're buying online. However, the website relented only after more than 50,000 members signed a petition objecting to the advertising program.

Of course, any type of personal electronic information has the potential to suddenly turn back and bite an individual. As a November 25, 2007, "60 Minutes" TV segment reveals, even using a credit card while shopping at the mall can make you vulnerable to ID theft. "Do you think twice when typing in your credit-card number online, but have no problem handing over your plastic card at a store?" "60 Minutes" correspondent Lesley Stahl asks. "Well, actually, you may have it backward," Stahl said. "Your personal information may be more secure in cyberspace than at the mall down the road."

That's because, the segment explained, earlier in 2007, TJX, the parent company of T.J. Maxx and Marshalls, disclosed it had suffered the worst high-tech heist in shopping history. Hackers raided the company's computer system, taking off with tens of millions of records--a theft that could have been prevented. This and similar occurrences frequently stem from retailers using an outdated encryption code called WEP, which was developed in 1999, but has since has been cracked by hackers and made obsolete. A much-better encryption code called WPA has been developed, and credit-card companies urge retailers to upgrade to WPA, but many retailers resists WPA technology because of its cost.

Meanwhile, across the pond, in another type of security breach, U.K. government workers in November 2007 lost two computer disks containing the names, addresses, dates of birth, national insurance numbers and in some cases, banking details, of approximately 25 million U.K. residents. The two disks were sent through the government's interoffice-mail system with no special tracking number. The breach was Britain's worst personal data security blunder and second only to the U.S. government losing data on 26.5 million former servicemen in 2006.

Finally, just to show that all security breaches shouldn't be blamed on computers, here's another recent story: After two incidents within two months, in which personal records of its 28,000 students were stolen, lost, or left unsecured, The University of Cincinnati (UC) in Cincinnati, Ohio, said it would install encryption software on more than 8,000 UC computers to protect sensitive records. However, a Cincinnati newspaper, The New Record, discovered a room at the McMicken College of Arts and Sciences containing multiple, unlocked filing cabinets filled with student information. The newspaper reported that staff members were able to enter the unlocked room, open file cabinets, and access inactive student documents easily and without being questioned.

At least this problem has a simple solution. "Lock your file cabinets," Kevin McLaughlin, director of UC information security, told The New Record. "Lock your desks and don't keep sensitive data that you really don't need."