None of the privacy principles (especially NPP 4.1) will protect data containing personal information if care is not taken to physically secure it. How many office cabinets are left unlocked overnight ? How many files are taken home on the train?

Now we have a report from The Register (via Rob Hyndman) that Citigroup has admitted that a backup tape containing personal information on almost 4 million customers has gone missing. The tape contains Social Security numbers and transaction histories on
both open and closed accounts at the bank’s lending branches.

Some US States have introduced laws compelling public notification of data disclosure.