THE THEFT of a laptop computer loaded with 98,000 names and identifying Social Security numbers from a UC Berkeley office earlier this month underscores again a reality of the information age: There's little one person can do to protect his or her personal data from going astray.

Even if one faithfully shreds or blacks out lines on financial documents, would never answer a "phishing" e-mail or give out personal data online, the chances are, if one's most private information goes astray, it was stolen from a big institution -- such as a university or a financial institution. Those are the institutions that top the list of those reporting data breaches, according to the California Office of Privacy Protection.

It is time to stop the blame-the-victim message (and the solicitations for identity-theft insurance) and toughen up data protections nationwide.

Personal data is a highly prized commodity today. The jewels of the industry -- a Social Security number, driver's license number or date of birth linked to a name -- have a street value of $25 or more, according to state law enforcement.

Much of what we, as consumers, know of the pervasiveness of data theft comes as a result of a California law that requires institutions to notify customers of a possible incursion. By law, if a state or private institution knows that someone has hacked into a server or a laptop, that a fully loaded PDA is missing or that a disgruntled employee has walked out with reams of printed data, notices must go out promptly to those affected.

That same law has also pushed institutions in California to develop new practices to guard computers and control data; anything to avoid the public shaming -- and liability -- of being revealed as a sloppy data handler.

To bring these practices and awareness of the problem to the federal level, Sen. Dianne Feinstein is proposing three bills. S115 would expand nationwide the notification law pioneered by California. The Democratic U.S. senator has also introduced S116, which would require companies to get permission from consumers before selling their personal information to data brokers.

Her third bill, also an expansion of California state law, would prohibit sale or display of Social Security numbers to the general public without the individuals' knowledge and consent. These are all wise safeguards that Congress should adopt.

These efforts, however, will not remedy what allowed the March 11 theft from UC Berkeley. That will take congressional efforts to restrict researchers from filing individual student data under Social Security numbers -- as well as a key to lock up an unattended laptop computer.