The head privacy honcho for the city of Alberta, Canada recently found the city lost 48 laptops over the past four years. Hard drive encryption was not used to protect the contents. More glaringly, there were no efforts to find out what type of information was stored on the missing computers: of the 48 cases, only in one instance was there an investigation made.
In that one instance where a post-breach investigation was conducted, it was found that the stolen computer stored resumes. Alberta's privacy watchdog, Frank Work, has been left "stunned" and wondering what was on the 47 other laptops. Work also notes--with a certain degree of irony, I'm sure--that "We were screaming about encryption (in 2006)...and over the same period you have a laptop a month going out the door, and the city has done what about it? They're not even looking at the contents of the devices." All that screaming for encryption was directed towards private-sector, however: A bill going through the legislature will require private-sector organizations to report lost personal information to the privacy commissioner's office, Work said. "We don't have an equivalent for the city. I just never thought it was necessary for public bodies. I naively thought they would be more responsible, but this report has kind of woken me up." [edmontonjournal.com] Erm...I don't know if I would go around calling it naiveté: based on my research into breaches, governments are up there when it comes to appalling data security. It's kind of hard to believe that someone with the title of "information and privacy commissioner" would believe that government bodies don't require the use of encryption software. Thankfully, the past need not be the present, nor the future: encryption of laptops started this year, and most have been deployed with it. Also, a specialist will be assigned to investigate whether missing computers held personal information.
In that one instance where a post-breach investigation was conducted, it was found that the stolen computer stored resumes. Alberta's privacy watchdog, Frank Work, has been left "stunned" and wondering what was on the 47 other laptops.
Work also notes--with a certain degree of irony, I'm sure--that "We were screaming about encryption (in 2006)...and over the same period you have a laptop a month going out the door, and the city has done what about it? They're not even looking at the contents of the devices."
All that screaming for encryption was directed towards private-sector, however:
A bill going through the legislature will require private-sector organizations to report lost personal information to the privacy commissioner's office, Work said. "We don't have an equivalent for the city. I just never thought it was necessary for public bodies. I naively thought they would be more responsible, but this report has kind of woken me up." [edmontonjournal.com]
A bill going through the legislature will require private-sector organizations to report lost personal information to the privacy commissioner's office, Work said.
"We don't have an equivalent for the city. I just never thought it was necessary for public bodies. I naively thought they would be more responsible, but this report has kind of woken me up." [edmontonjournal.com]
Erm...I don't know if I would go around calling it naiveté: based on my research into breaches, governments are up there when it comes to appalling data security. It's kind of hard to believe that someone with the title of "information and privacy commissioner" would believe that government bodies don't require the use of encryption software.
Thankfully, the past need not be the present, nor the future: encryption of laptops started this year, and most have been deployed with it. Also, a specialist will be assigned to investigate whether missing computers held personal information.
Related Articles and Sites:http://www.edmontonjournal.com/technology/Lost+laptops+shock+watchdog/2244883/story.html