As mentioned in an earlier post, if you store data, it is vulnerable. In the case of CardSystems Solutions and the recent massive data theft, they were particularly vulnerable since they failed to secure their network, even though they had been certified to a security standard set by MasterCard and Visa. Of course, that certification process is prone to error. The key issue is that this data is really useful to companies in many ways, but only if people have access to it. Providing more access means less security. They shouldn’t have kept the data in the first place, and of course it got out into the wild. Minimalism should be the starting point of data security – if you don’t absolutely need it, don’t keep it. Unfortunately, the “more is better” paradigm is dominant in data as well as physical clutter.