Too many of our business processes are just as messy as the VA's. For years, we've collected data via the Web or by using customer relationship management systems, much of it data that we don't need, don't keep proper track of and haven't properly secured.

We let it be carried out the door every night in laptops, shipped cross-country in backup tapes and equipment, accessed over the Internet from employees' home computers. And in most cases, it's unencrypted, untracked and unsecured.

As we watch the VA's fiasco continue to unfold, we're in no position to feel superior or complacent. That could be us.

But we are in a position to see our own future. One image comes from that multibillion-dollar, class-action lawsuit on behalf of those whose personal data the VA exposed. If that lawsuit holds up in court, we're looking at potentially huge financial liability for every future data loss.

Another image comes with word last week that the American Institute of Certified Public Accountants lost personal information on its 330,000 members -- including names, addresses and Social Security numbers -- when a hard drive disappeared in transit.