This post topic, while relevant, the actual contents hardly were. No rigor at all in the testing. No wonder I'm reading slashdot less and less.

This is one of the more interesting Slashdot stories in a while. I can put myself in your position and feel you emotions on this potential theft. It looks as if IBM is claiming they've made a substantial enough modification to the code/process/design to warrant a patent for them. As far as the USPTO lately, ever since the patented '1 click checkout' , the office has been suspect in my eye. I wonder how big of a potential market this patent has? One thought that I haven't seen mentioned is that, while this might be the more evil of two evils, you could contact the companies/people that are buying companies just for their patents. If this patent had enough value this might be a place to obtain some backing, again the value of this patent is unknown to me. Other than that it's more of a personal pride and justice argument, in these days of the Mortgage crisis and unbridled greed, with seemingly absolutely no consequences, there seems to be no honor, even among thieves anymore. Best of luck. look forward to a future post about the outcome.

http://bits.blogs.nytimes.com/2009/03/30/trolling-for-patents-to-fight-patent-trolls/

7 minute abs. "What if someone comes out with 6 minute abs?"

7 MINUTE ABS.

This is the stupidest thing I have ever heard or seen. This will go down as one of the most inane things the MS has done, and they've done a lot.

Dibs on the hack for this coming out before 7 is released.

The SD crowd has clearly expresses it's love of PGP, and I have lot's of love for it too. But from a business perspective this is a much larger question. From a tech side there are other products such as Microsoft Right's Manager and Adobe's Policy Server.
http://www.adobe.com/products/livecycle/rightsmanagement/
I'm not endorsing either of these products (so save the flame wars), but identifying that this market is much larger than PGP. There also add a lot of other features, like restricting printing, restricting how long a file can be accessed, multi-factor authentication etc.

As for sending the data that you mentioned (SS#, DOB etc) this is a fine marriage of technology AND company policy, along with state, local, federal and national laws. For example the EU laws are very strict about sending this information and you need to be familiar with each nations requirements. Additionally, sending sensitive data across borders is a concern. As an example, a client could NOT outsource certain HR functions because of these laws. And when overseas certain HR develoment was done a thorough cleansing of the data needed to happen before it was either accessed or sent out of country (e.g. removing SS#'s Dob etc.)

In a nutshell you need your business to define what the security policies are, then use technology to the best you can to implement the policies. This is critical for SOX compliance and legal ramifications. Having the policy is almost, if not more important than the implementation often.

Cheers.