Data categories
"...unencrypted email containing..."
-- SBU (sensitive but unclassified) data: the lifeblood of defense contractors. Sometimes noted as "controlled unclassified information (CUI)" or the completely unhelpful "For Official Use Only (FOUO)". I can understand NASA having quite a bit of this, and even using unencrypted email at least within house or with NDA-signed contractors, but really they should be using an encrypted file-sharing system like the DoD requires.
-- Personally Identifiable Information: Ah, the HR stuff, which should REMAIN inside HR. All gov't agencies and major corporations deal with PII; handling it is no different than SBU/CUI.
-- International Traffic in Arms Regulations (ITAR) data: RED FLAG. ITAR deals with any item on the US Munitions List and only comes into play when "sending" data internationally (also applies to visitors/phone calls such as to a US citizen, working within the US, for a foreign company/agency). Tracking ITAR releases is the bane of all Export Control departments at every defense contractor. Even hinting that anyone is sending military/materiel-related data internationally is a big no-no for anyone, especially our (supposedly) "civilian" NASA.
Scientists may not bother with security, but in the private sector messing around with these means you're fired, and scientists should at least care about JOB security.
Biting the hand that feeds IT
