WellPoint finds its missing CD and gets off the hook for losing 75,000 customer records. Executives at WellPoint — the nation’s largest managed health care services provider — are breathing a lot better today, and not just because they’re keeping an eye on their diet and maintaining an optimal level of physical fitness.Last week, the Indianapolis-based firm began the process of informing some 75,000 of its customers that it had lost a CD that carried unencrypted data including their health records and other personal data, however, the company claims it has now found the missing information.In a statement released late Wednesday, the firm’s New York-based Empire Blue Cross Blue Shield insurance unit said that the missing CD, which had been shipped to business partner Magellan Behavioral Health Services via UPS, by Health Data Management Solutions (HDMS), a third party vendor to Magellan, was discovered. The company offered few details of the recovery other than to say that the CD had merely been misplaced in transit. Something tells me that WellPoint might swap overnight companies from Big Brown to FedEx, or fire some of its mailroom employees.The incident highlights the challenges faced by corporations in meeting the increasingly strict terms of emerging data exposure reporting laws. As part of the statement on the misplaced — and more importantly unencrypted — CD the company couldn’t help but give itself a little pat on the back saying that it “accelerated member notification as our members’ security and trust are our highest priority.”Kudos to the firm for not actually losing the information, but it could have easily avoided the entire situation by somehow protecting the data. However, Empire Blue Cross said that it did have policies in place to prevent such incidents. “The information was not transferred in accordance to our contractual terms with Magellan, who did not require HDMS to encrypt or password protect the data,” the company said. “We are addressing these issues and we have made it clear to both HDMS and Magellan that their security practices with respect to the data transfer were unacceptable.”Magellan will now only transmit personal health information electronically over a secure network, eliminating CDs and the use of a delivery service, WellPoint said.I’m betting that the employee who failed to follow said rules is somewhere considering their job options right now. Databases