A council employee has lost a USB memory stick that contained sensitive information. The employer, Neath Port Talbot council in south Wales, has launched an investigation and is declining to comment on the case until it is concluded. It seems to me that if disk encryption software like AlertBoot was used to secure the data on that flash drive, perhaps the council may not be so silent on the issue?
No doubt that one of the reasons the council is keeping mum is because the situation is sensitive. Not only do they have a data breach on their hands (never mind that a serious breach seems to occur every other week in the UK; the public hasn't been desensitized yet and keeps screaming for blood. Good for them, I say), it turns out that the data concerns children. As parodied often in The Simpsons, people seem to lose their heads when children are involved. (Won't somebody please think of the children? -- Mrs. Lovejoy)
Except in this case, according to an anonymous source who works as a foster carer, the children are "end-of-the-line kids." I thought that meant terminally-ill children until I read the following comment:
"If the people around here knew about their backgrounds I would probably get a brick through the window…In some cases, if this information got out, it could put them at risk."
All the more reason, it seems, that the council should have made a better effort (yes, I'm assuming there was no encryption, although it's quite apparent the council has another set of reasons for keeping quiet) to secure the data. After all, if the council is making an effort to protect these children, and keeping their, erm, "status" secret was important, it just makes sense that any devices containing their information be protected as well. I see it as an extension to what they've been doing to date.
The council should, while conducting this investigation, also look into encrypting their digital files, be it on laptops, memory sticks, or portable USB disk drives. (Personally, I'd suggest they encrypt their desktop computers as well. The odds are low that a desktop will go missing, but the data breach coming from such an event has as much, or perhaps more, of an impact as losing a USB flash drive).
The sooner they start, the sooner they can minimize the risk of a data breach. No guarantees that stuff won't be missing, though. Memory stick encryption software can only guarantee the security of data.
Related Articles:http://news.zdnet.co.uk/security/0,1000000189,39586131,00.htmhttp://news.bbc.co.uk/2/hi/uk_news/wales/7795757.stmhttp://www.thisissouthwales.co.uk/news/Lost-info-kids-risk/article-563282-detail/article.htmlhttp://www.publicservice.co.uk/news_story.asp?id=8097